Internet of

Dr. R. A. ROSELINE M.Sc., M.Phil., Ph.D.,

Associate Professor and Head,

Post Graduate Department of Computer Applications,

Things 18 MCA 5 Government Arts College (Autonomous),

Coimbatore – 641 018.

4E
FACULTY UNIT – I INTRODUCTION

Year Subject Title Semester Subject Code

2018-2019 ELECTIVE III: V 18 MCA 5 4 E

Onwards INTERNET OF THINGS

Objective: On Successful Completion of the Course the students should have understood IOT Protocols,
Web of Things, Network Dynamics applications.

UNIT I:
Introduction: Definitions and Functional Requirements – Motivation – Architecture. The Toolkit
Approach for End-user Participation in the Internet of Things. Web 3.0: View of IOT – Ubiquitous
IOT Applications – Four Pillars of IOT – DNA of IOT – Middleware for IOT: Overview –
Communication Middleware for IOT – IOT Information Security.
(Book 1 | Chapter 1 & 4; Book 2 | Chapter 1 to 5)

UNIT II:
IOT Protocol Standardization Efforts: M2M and WSN Protocols – SCADA and RFID Protocols –
Issues with IOT Standardization – Unified Data Standards. Protocols IEEE 802.15.4 – BACnet
Protocol – ModBus – KNX – Zigbee Architecture: Network Layer – APS layer – Security.
(Book 2 | Chapter 6; Book 3 | Chapter 1, 3, 5, 6, 7)

UNIT III:
Web of Things: Web of Things versus Internet of Things – Two Pillars of the Web. Architecture
Standardization for WOT: Platform Middleware for WOT – Unified Multitier WOT Architecture –
WOT Portals and Business Intelligence. Cloud Computing: Grid/SOA and Cloud Computing – Cloud
Middleware – Cloud Standards – Cloud Providers and Systems. The Cloud of Things: Mobile Cloud
Computing – The Cloud of Things Architecture.
(Book 2 | Chapter 6.1, 7 to 9)

UNIT IV:
Integrated Billing Solutions in the Internet of Things – Business Models for the Internet of Things.
Network Dynamics: Population Models: Information Cascades – Network Effects. Network
Dynamics: Structural Models: Cascading Behavior in Networks – The Small-World Phenomenon.
(Book 1 | Chapter 9 & 10; Book 4 | Chapter 16, 17, 19, 20)
 UNIT V:
The Role of the Internet of Things for Increased Autonomy and Agility in Collaborative
Production Environments – Resource Management in the Internet of Things: Clustering,
Synchronization and Software Agents. Smart Grid – Electrical Vehicle Charging.
(Book 1 | Chapter 7 & 8; Book 3 | Chapter 15, 16)

TEXT BOOKS:
1. Dieter Uckelmann; Mark Harrison; Florian Michahelles, “Architecting the Internet of Things”,
Springer 2011. 2. Honbo Zhou,”The Internet of Things in the Cloud: A Middleware Perspective”, CRC
Press 2012. 3. Olivier Hersent, Omar Elloumi and David Boswarthick, “The Internet of Things:
Applications to the Smart Grid and Building Automation”, Wiley 2012.
4. David Easley and Jon Kleinberg, “Networks, Crowds, and Markets: Reasoning About a Highly
Connected World”, Cambridge University Press, 2010.
INTRODUCTION TO IOT
IoT comprises things that have unique identities and are connected to internet. By 2020 there will
be a total of 50 billion devices /things connected to internet. IoT is not limited to just connecting things
to the internet but also allow things to communicate and exchange data.
DEFINITION:

• The Internet of Things, also called The Internet of Objects, refers to a wireless network between
objects, usually the network will be wireless and self-configuring, such as household appliances.
Internet of Things (IoT) is the networking of physical objects that contain electronics
embedded within their architecture in order to communicate and sense interactions
amongst each other or with respect to the external environment. In the upcoming years,
IoT-based technology will offer advanced levels of services and practically change the
way people lead their daily lives. Advancements in medicine, power, gene therapies,
agriculture, smart cities, and smart homes are just a very few of the categorical
examples where IoT is strongly established. 
Over 9 billion ‘Things’ (physical objects) are currently connected to the Internet, as of
now. In the near future, this number is expected to rise to a whopping 20 billion. 
There are four main components used in IoT: 
1. Low-power embedded systems: Less battery consumption, high performance are
the inverse factors that play a significant role during the design of electronic
systems. 
 
2. Cloud computing: Data collected through IoT devices is massive and this data has
to be stored on a reliable storage server. This is where cloud computing comes into
play. The data is processed and learned, giving more room for us to discover where
things like electrical faults/errors are within the system. 
 
3. Availability of big data: We know that IoT relies heavily on sensors, especially in
real-time. As these electronic devices spread throughout every field, their usage is
going to trigger a massive flux of big data. 
 
4. Networking connection: In order to communicate, internet connectivity is a must
where each physical object is represented by an IP address. However, there are only
a limited number of addresses available according to the IP naming. Due to the
 growing number of devices, this naming system will not be feasible anymore.
Therefore, researchers are looking for another alternative naming system to
represent each physical object.
There are two ways of building IoT: 
1. Form a separate internetwork including only physical objects. 
 
2. Make the Internet ever more expansive, but this requires hard-core technologies
such as rigorous cloud computing and rapid big data storage (expensive).
In the near future, IoT will become broader and more complex in terms of scope. It will
change the world in terms of 
 
“anytime, anyplace, anything in connectivity.”
 
IoT Enablers:
 RFIDs: uses radio waves in order to electronically track the tags attached to each
physical object.
 Sensors: devices that are able to detect changes in an environment (ex: motion
detectors).
 Nanotechnology: as the name suggests, these are extremely small devices with
dimensions usually less than a hundred nanometers.
 Smart networks: (ex: mesh topology). 
 
Characteristics of IoT: 
 Massively scalable and efficient
 IP-based addressing will no longer be suitable in the upcoming future.
 An abundance of physical objects is present that do not use IP, so IoT is made
possible.
 Devices typically consume less power. When not in use, they should be automatically
programmed to sleep.
 A device that is connected to another device right now may not be connected in
another instant of time.
 Intermittent connectivity – IoT devices aren’t always connected. In order to save
bandwidth and battery consumption, devices will be powered off periodically when
not in use. Otherwise, connections might turn unreliable and thus prove to be
inefficient.
As a quick note, IoT incorporates trillions of sensors, billions of smart systems, and
millions of applications. 
Application Domains: IoT is currently found in four different popular domains: 
1) Manufacturing/Industrial business - 40.2%
2) Healthcare - 30.3%
3) Security - 7.7%
4) Retail - 8.3%
Modern Applications: 
1. Smart Grids and energy saving
2. Smart cities
3. Smart homes
4. Healthcare
5. Earthquake detection
6. Radiation detection/hazardous gas detection
7. Smartphone detection
8. Water flow monitoring
9. Traffic monitoring
10. Wearables

CHARACTERISTICS:
1) Dynamic & Self Adapting: IoT devices and systems may have the capability to dynamically adapt
with the changing contexts and take actions based on their operating conditions, users’ context or
sensed environment. E.g.: the surveillance system is adapting itself based on context and changing
conditions.
2) Self-Configuring: allowing a large number of devices to work together to provide certain
functionality. 3) Inter Operable Communication Protocols: support a number of interoperable
communication protocols ans can communicate with other devices and also with infrastructure.
4) Unique Identity: Each IoT device has a unique identity and a unique identifier (IP address). 5)
Integrated into Information Network: that allow them to communicate and exchange data with other
devices and systems.
IOT FUNCTIONAL REQUIREMENTS:
Functional requirements define the products and features that the IoT system must deliver. There
are seven categories of requirements to consider when developing any IoT initiative for private or public
institutions. 1. Feature requirements: What are the high-level expectations of the solution? This is the
general goal of the initiative.
2. Business requirements: This is a description of the new or improved capabilities the user must be
able to do as a result of the new system.
3. Nonfunctional requirements: This defines the service level expectations of the system such as
availability, reliability, scalability, security, backup, and disaster recovery.
4. Functional requirements: This is a description of the functions that the user requires from the system.
It should contain a process model, data entities, user stories, and use cases.
5. System design requirements: This defines the interaction of the IoT system with other systems.
6. IoT data management requirements: This describes how the data will be ingested and analyzed. The
following four areas need to be defined:
● Ingestion: how the data will be collected and integrated into one data source
● Analytics: defines the predictive analytics models and data analysis requirements
● Communications: who needs to be informed when an alarm is identified
● Persistence: defines how long the data needs to be retained
7. Reports and dashboards: This defines the reports and dashboards that users need to rapidly analyze
 and respond to data collected.
MOTIVATION OF IOT:
IoT systems allow users to achieve deeper automation, analysis, and integration within a system.
They improve the reach of these areas and their accuracy. IoT utilizes existing and emerging technology
for sensing, networking, and robotics.
IoT exploits recent advances in software, falling hardware prices, and modern attitudes towards
technology. Its new and advanced elements bring major changes in the delivery of products, goods, and
services; and the social, economic, and political impact of those changes.
IOT − KEY FEATURES
The most important features of IoT include artificial intelligence, connectivity, sensors, active
engagement, and small device use. A brief review of these features is given below;
● AI − IoT essentially makes virtually anything “smart”, meaning it enhances every aspect of life with
the power of data collection, artificial intelligence algorithms, and networks. This can mean
something as simple as enhancing your refrigerator and cabinets to detect when milk and your
favorite cereal run low, and to then place an order with your preferred grocer.
● Connectivity − New enabling technologies for networking, and specifically IoT networking, mean
networks are no longer exclusively tied to major providers. Networks can exist on a much smaller
and cheaper scale while still being practical. IoT creates these small networks between its system
devices.
● Sensors − IoT loses its distinction without sensors. They act as defining instruments which transform
IoT from a standard passive network of devices into an active system capable of real-world integration.
● Active Engagement − Much of today's interaction with connected technology happens through passive
engagement. IoT introduces a new paradigm for active content, product, or service engagement. ● Small
Devices − Devices, as predicted, have become smaller, cheaper, and more powerful over time. IoT
exploits purpose-built small devices to deliver its precision, scalability, and versatility.

IOT ARCHITECTURE:
There is not such a unique or standard consensus on the Internet of Things (IoT) architecture which is
universally defined. The IoT architecture differs from their functional area and their solutions. However,
the IoT architecture technology mainly consists of four major components:
● Sensors/Devices
● Gateways and Networks
● Cloud/Management Service Layer
● Application Layer
 Figure 1: IoT Architecture
STAGES OF IOT SOLUTIONS ARCHITECTURE
There are several layers of IoT built upon the capability and performance of IoT elements that provides
the optimal solution to the business enterprises and end-users. The IoT architecture is a fundamental way
to design the various elements of IoT, so that it can deliver services over the networks and serve the
needs for the future.
Following are the primary stages (layers) of IoT that provides the solution for IoT architecture. ●
Sensors/Actuators: Sensors or Actuators are the devices that are able to emit, accept and process data
over the network. These sensors or actuators may be connected either through wired or wireless. This
contains GPS, Electrochemical, Gyroscope, RFID, etc. Most of the sensors need connectivity through
sensors gateways. The connection of sensors or actuators can be through a Local Area Network (LAN)
or Personal Area Network. ● Gateways and Data Acquisition: As the large numbers of data are produced
by this sensors and actuators need the high-speed Gateways and Networks to transfer the data. This
network can be of type Local Area Network (LAN such as Wi-Fi, Ethernet, etc.), Wide Area Network
(WAN such as GSM, 5G, etc.). ● Edge IT: Edge in the IoT Architecture is the hardware and software
gateways that analyze and pre-process the data before transferring it to the cloud. If the data read from
the sensors and gateways are not changed from its previous reading value then it does not transfer over
the cloud, this saves the data used. ● Data center/ Cloud: The Data Center or Cloud comes under the
Management Services which process the information through analytics, management of device and
security controls. Beside this security controls and device management the cloud transfers the data to the
end user’s application such as Retail, Healthcare, Emergency, Environment, and Energy, etc.
Internet of Things (IoT) technology has a wide variety of applications and use of Internet
of Things is growing so faster. Depending upon different application areas of Internet of
Things, it works accordingly as per it has been designed/developed. But it has not a
standard defined architecture of working which is strictly followed universally. The
architecture of IoT depends upon its functionality and implementation in different
sectors. Still, there is a basic process flow based on which IoT is built.
So. here in this article we will discuss basic fundamental architecture of IoT i.e., 4 Stage
IoT architecture.
So, from the above image it is clear that there is 4 layers are present that can be divided
as follows: Sensing Layer, Network Layer, Data processing Layer, and Application
Layer.
These are explained as following below.
1. Sensing Layer –
Sensors, actuators, devices are present in this Sensing layer. These Sensors or
Actuators accepts data(physical/environmental parameters), processes data and
emits data over network.
2. Network Layer –
Internet/Network gateways, Data Acquisition System (DAS) are present in this layer.
DAS performs data aggregation and conversion function (Collecting data and
aggregating data then converting analog data of sensors to digital data etc).
Advanced gateways which mainly opens up connection between Sensor networks
and Internet also performs many basic gateway functionalities like malware
 protection, and filtering also some times decision making based on inputted data and
data management services, etc.
3. Data processing Layer –
This is processing unit of IoT ecosystem. Here data is analyzed and pre-processed
before sending it to data center from where data is accessed by software
applications often termed as business applications where data is monitored and
managed and further actions are also prepared. So here Edge IT or edge analytics
comes into picture.
4. Application Layer –
This is last layer of 4 stages of IoT architecture. Data centers or cloud is
management stage of data where data is managed and is used by end-user
applications like agriculture, health care, aerospace, farming, defense, etc.

WEB 3.0: VIEW OF IOT:

Web 3.0, at least the concept, will use machines/computers to interpret the data collected from the IoT.
This information will then be processed through an A.I. (Artificial Intelligence) that will provide
suggestions on how to improve your meeting. These improvements will be based on every single
attendees’ habits, movements, and interactions with other attendees while attending your event. For
example, venues that have grasped IoT technology will be able to track exactly what kind and how much
food and beverage is being consumed in real time, allowing them to order food with a just-in-time
delivery service to reduce spoilage and increase their margins by becoming more efficient, not by raising
prices. This will also help the meeting planner understand what their attendees like and focus future
menu items based on this new information.
The adoption of the IoT and Web 3.0 will increase your productivity by working for you. No
longer will you need to spend hours processing data or sending out a post event survey and hoping for
responses. Web 3.0 will also provide recommendations on venues based on the climate, time of year,
number of attendees, and dozens of other factors to streamline your planning process. The data,
information, and recommendations provided will arrive to you in real time and even transform your
current agenda and meeting flow for next year.
Web 3.0 – 
It refers to the evolution of web utilization and interaction which includes altering the
Web into a database. It enables the up-gradation of the back-end of the web, after a
long time of focus on the front-end (Web 2.0 has mainly been about AJAX, tagging, and
another front-end user-experience innovation). Web 3.0 is a term that is used to
describe many evolutions of web usage and interaction among several paths. In this,
data isn’t owned but instead shared, where services show different views for the same
web / the same data. 
The Semantic Web (3.0) promises to establish “the world’s information” in a more
reasonable way than Google can ever attain with their existing engine schema. This is
particularly true from the perspective of machine conception as opposed to human
understanding. The Semantic Web necessitates the use of a declarative ontological
language like OWL to produce domain-specific ontologies that machines can use to
reason about information and make new conclusions, not simply match keywords. 
Below are 5 main features that can help us define Web 3.0:
1. Semantic Web 
The succeeding evolution of the Web involves the Semantic Web. The semantic web
 improves web technologies in demand to create, share and connect content through
search and analysis based on the capability to comprehend the meaning of words,
rather than on keywords or numbers.
2. Artificial Intelligence 
Combining this capability with natural language processing, in Web 3.0, computers
can distinguish information like humans in order to provide faster and more relevant
results. They become more intelligent to fulfill the requirements of users.
3. 3D Graphics 
The three-dimensional design is being used widely in websites and services in Web
3.0. Museum guides, computer games, e-commerce, geospatial contexts, etc. are all
examples that use 3D graphics.
4. Connectivity 
With Web 3.0, information is more connected thanks to semantic metadata. As a
result, the user experience evolves to another level of connectivity that leverages all
the available information.
5. Ubiquity 
Content is accessible by multiple applications, every device is connected to the web,
the services can be used everywhere.

FOUR PILLARS OF IOT:

1. M2M:
● Machine to Machine.
● Enables flow of data between machines which monitors data by means of sensors and at other end
extracts the information on gathered data and processes it.
● Subset of IoT.
● It uses WAN, GPRS, Cellular and Fixed N/w’s
This is commonly known as Machine to machine communication. It is a concept where
two or more than two machines communicate with each other without human
interaction using a wired or wireless mechanism. M2M is an technology that helps the
devices to connect between devices without using internet. M2M communications
 offer several applications such as security, tracking and tracing, manufacturing and
facility management.
2. RFID:
● Radio Frequency Identification
● Uses radio frequency to read and capture information stored on a tag attached to an object. ● A tag can
be read from up to several feet away and does not need to be within direct line-of-sight of the reader to
be tracked.
● Uses NFC (Next Field Communication protocol), IC (Integrated Circuit) Cards, Radio Waves.
RFID stands for “radio frequency identification.” It’s a technology that captures
digital data encoded in smart labels and RFID tags through a reader via radio
waves.
RFID serves a similar purpose to that of a bar code or a magnetic strip of an ATM
card where data from a label or tag is captured by the device and then later stored
in the database.
However, RFID works better than a barcode and ATM magnetic strips. The most
significant advantage of using RFID over barcode is that it doesn’t need to be placed
or positioned relative to the scanner.
The other advantage is that with RFID, you can scan more than one object at a time,
unlike a barcode, which saves loads of time and energy.
We have all seen the kind of struggle that clerks go through at stores when
ensuring the position of the barcode is set in a way that can be read.
Moreover, ATM cards also need to be swiped through a special reader.
RFID solves all these issues since it works within the few feet of the scanner. For
instance, to scan a bag full of groceries, all you need to do is to set the bag on the
scanner without worrying about its proper positioning or placing.
Moreover, the clerk doesn’t have to scan objects one by one like in the case of a
barcode.

How Does it Work?

RFID belongs to a group of technologies referred to as Automatic Identification and
Data Capture (AIDC).
AIDC methods automatically identify objects, collect data about them, and enter the
data directly into computer systems with little or no human intervention. RFID
methods utilize radio waves to accomplish this.
At a simple level, RFID systems consist of three components: an RFID tag or smart
label, an RFID reader, and an antenna.
RFID tags contain an integrated circuit and an antenna, which are used to transmit
data to the RFID reader (also called an interrogator).
The reader then converts the radio waves to a more usable form of data.
Information collected from the tags is then transferred through a communications
interface to a host computer system where the data can be stored in a database and
analyzed later.
Before diving deep into the working of RFID, let’s explore the different components
that it comprises. The major part that RFID consists of are:
1. RFID tag
2. RFID reader

RFID Tag
An RFID tag consists of an embedded transmitter and a receiver. RFID component
comprises two parts:
 Integrated circuit: It’s used for storing and processing the information.
 Antenna: It’s used to transmit and receive signals.
RFID tags also have non-volatile memory storage, which includes either
programmable or fixed logic for sensor data and transmission. Tags can be
categorized as:
 Passive: This tag remains dormant since it has no battery. It uses the reader’s
signal energy to turn on the tag along with reflecting a signal back to the
reader that carries the information.
 Active: Active RFID tags have a battery in it that transmits signals
periodically. These tags have a range of up to 100 meters due to the presence
of a battery. Due to this, active tags are useful in location tracking
applications.
 Battery-assistive passive: These tags do contain a battery, but it doesn’t
transmit signals periodically like that of active RFID tags.
The battery is used to turn the tag when it receives a signal, which enables all the
energy from the reader’s signal to reflect.
RFID Reader
An RFID reader consists of an interrogator, which is nothing but a two-way radio-
transmitted receiver, also known as a transceiver.
The prime function of a transceiver is to transmit an encoded signal that activates
the tag.
In response, the tag transponder initiates the conversion of radio signals into
usable power along with responding to the reader.

3. SCADA
● Supervisory means top level.
● Control means controlling things.
● Data Acquisition means acquiring the data / reading the data.
● SCADA is a s/w used to control the hardware i.e., PLC, drives, servers, sensors and also acquire the
data which is stored on the personal computer or Human Machine Interface (HMI).
SCADA stands for Supervisory Control And Data Acquisition.
SCADA software system is a device monitoring and controlling framework. The supervisory
control includes, taking action and control through remote locations for various control
mechanisms and processes.
Various kinds of data can be acquired from network of devious (connected through
wireless/wired communication systems) for storage, processing and analytics to aid decision
making.
Frontend of a SCADA software solution  is a graphical user interface (GUI/UI).
In a nutshell, a SCADA software solution is a real time monitoring, supervision and control
system from remote and/or local physical location.
Let’s try to understand the functional blocks of a SCADA based IoT system, with the help of the
simplified IoT framework as shown above
 The User Interface(UI) of Mobile App or Web based dashboard represented above is the
HMI of the SCADA system.
 This, along with the backend business logic, database (cloud server) and a Gateway
constitutes of a SCADA solution for control and monitoring of devices in an IoT network.
 The IoT gateway  ensures compatibility between IoT sensor network and cloud server.
Through the gateway, the sensor data is stored in the cloud server.
 The cloud server is the hosting spot for the algorithms that implement the business logic.
 The sensor unit detects the change in the environment like change in temperature, sound
and also acts as a data accumulating unit.
There can be a number of devices or machines connected within a SCADA solution based IoT
project. For an instance, in case of home automation system, various home appliances such as
AC, lights, refrigerator can be a part of connected smart home.
Hence SCADA solution is an intelligent software system with an intuitive UI (for data
representation) connected with cloud server for data processing and predictive and descriptive
analysis.
Let us see the detailed features of a SCADA software system

4. WSN
● Wireless Sensor Networks.
● It senses and gathers data using sensors which are spatially distributed.
● It collects this data into a centralized location with the help of wired / wireless
connection.
Wireless Sensor Network (WSN) is an infrastructure-less wireless network that is
deployed in a large number of wireless sensors in an ad-hoc manner that is used to
monitor the system, physical or environmental conditions. 
Sensor nodes are used in WSN with the onboard processor that manages and monitors
the environment in a particular area. They are connected to the Base Station which acts
as a processing unit in the WSN System. 
Base Station in a WSN System is connected through the Internet to share data. 
 

WSN can be used for processing, analysis, storage, and mining of the data. 
Applications of WSN: 
 
1. Internet of Things (IOT)
2. Surveillance and Monitoring for security, threat detection
3. Environmental temperature, humidity, and air pressure
4. Noise Level of the surrounding
5. Medical applications like patient monitoring
6. Agriculture
7. Landslide Detection
Challenges of WSN: 
 
1. Quality of Service
2. Security Issue
3. Energy Efficiency
4. Network Throughput
5. Performance
6. Ability to cope with node failure
7. Cross layer optimisation
8. Scalability to large scale of deployment
Components of WSN: 
 
1. Sensors: 
Sensors in WSN are used to capture the environmental variables and which is used
for data acquisition. Sensor signals are converted into electrical signals.
2. Radio Nodes: 
It is used to receive the data produced by the Sensors and sends it to the WLAN
access point. It consists of a microcontroller, transceiver, external memory, and
power source.
3. WLAN Access Point: 
It receives the data which is sent by the Radio nodes wirelessly, generally through
the internet.
4. Evaluation Software: 
The data received by the WLAN Access Point is processed by a software called as
Evaluation Software for presenting the report to the users for further processing of
the data which can be used for processing, analysis, storage, and mining of the data.

DNA OF IOT

DNA Connectivity IoT subscriptions are intended for corporate data transfer between sensors, devices
and systems when mobile data transfer is required. We provide this service in 2G, 3G and 4G networks.
Subscriptions can be easily and comprehensively managed via the DNA Control Center (a user interface
provided by Cisco Jasper).
IoT subscriptions use DNA’s nationwide mobile network. Mobile subscriptions are particularly
suitable for connecting IoT devices located over a wide area – from large properties or factory buildings
to cities – or where devices are in mobile use. IoT subscriptions make use of the mobile network’s
advanced information security features. The mobile network combines the reliability and continuity of
an established technology with predictable development according to mobile technology standards.
SIM cards with various physical characteristics are available to suit the different user cases and
devices. Subscriptions can be integrated into secure company-specific APN solutions, and an
international roaming feature can also be added if you want to use the connections outside Finland.
The DNA of IoT
4.1 DCM: Device, Connect, and Manage
The first issue that the Internet of Things (IoT) ecosystem needs to address is the long and fragmented
value chain that characterizes the industry. This results in numerous supplier–buyer interfaces, adding costs
and time to the launch of any new product offering.
Just like the blind men and the elephant story and people’s understanding of the four pillars or the six
pillars mentioned before, the IoT is still different things to different people, even though introduced more
than a decade ago. However, there is one thing most people agree with: IoT (or machine-to-machine,
M2M; wireless sensor networks, WSN; supervisory control and data acquisition, SCADA; radio-frequency
identification, RFID; etc.) systems all have three layers. Figure 4.1 is an example IoT application of an
intelligent nuclear power plant IoT system [63] of Datang Telcom in China. More examples of the three-
layer architecture of IoT can be found at European Telecommunications Standards Institute (ETSI)’s
website
The three-layer DCM classification is more about the IoT value chain than its system architecture at
runtime. For system architecture, some (e.g., one of Numerex’s and IBM’s reports) have divided the IoT
system into as many as nine layers, from bottom to top: devices, connectivity, data collection,
communication, device management, data rules, administration, applications, and integration.
While large companies such as IBM, Oracle, Microsoft, and others have comprehensive solutions,
products, and services that cover almost the entire value chain, startups or smaller players in the IoT sector
should focus on providing products or services in no more than two components or areas in the value chain.
The following sections discuss the three DCM components.

4.2 Device: Things That Talk

According to the IoT definitions and descriptions in the previous chapters, devices or assets can be
categorized as two groups: those that have inherent intelligence such as electric meters or heating,
ventilation, and air-conditioning (HVAC) controllers, and those that are inert and must be enabled to
become smart devices (e.g., RFID tagged) such as furniture or animals that can be electronically tracked
and monitored—things that “talk.” This is the Cambrian explosion of communications. We are seeing a
radical species divergence of different kinds of devices and different types of things that want to talk, from
your washing machine having an Internet connection and being able to scream for help if it is broken, to
your car having a wireless connection for data telemetry back to the manufacturer. Today, voice
communications is way below 1% of the total communications traffic on this planet. That’s why people are
giving voice away for free. So that means that we’re going to see a whole zoo of new kinds of devices that
have to talk. It’s going to become a world of smartifacts, or intelligent objects. This stuff is so cheap, we’re
putting chips in everything, anything with a chip inside can be connected into the Internet of Things.
Devices that perform an input function are commonly called sensors because they “sense” a physical
change in some characteristic that changes in response to some excitation, for example, heat or force, and
convert that into an electrical signal. Devices that perform an output function are generally called actuators
and are used to control some external device, for example, movement. Both sensors and actuators are
collectively known as transducers because they are used to convert energy of one kind into energy of
another kind. For example, a microphone (input device) converts sound waves into electrical signals for the
amplifier to amplify, and a loudspeaker (output device) converts the electrical signals back into sound
waves.
A sensor (also called a detector) is a device that responds to a physical stimulus, measures the physical
stimulus quantity, and converts it into a signal, usually electrical, which can be read by an observer or by
an instrument.
Based on this definition, a sensor is basically an electrical device. It could be an M2M terminal, an RFID
reader, or a SCADA meter. Sensors are particularly useful for making in-situ measurements (things that
talk) such as in industrial process control or medical applications. A sensor can be very small and itself can
be a trackable device; however, when a train or an aircraft is instrumented with a small sensor, the entire
aircraft becomes one trackable device.
The sensor itself, if not connected, is not part of the IoT or WSN value chain. This is like a central
processing unit (CPU), which is not part of the web or social networking services, even though they are
somwhat related. Some sensors do not generate electrical signals; for example, a mercury-in-glass
thermometer converts the measured temperature into expansion and contraction of a liquid, which can be
read on a calibrated glass tube. However, it’s important to understand the types and shapes of the
ubiquitous sensors if you are into IoT, just as an architect should know what concrete and cement are as
well as their differences.

4.3 Connect: Via Pervasive Networks

The communications layer is the foundational infrastructure of IoT. There are
two major communication technologies: wireless and wired (or wireline).
Each category has broadband and narrowband, packet and circuit switched,
as well as short-range and long-range communications. The penetration and
traffic of U.S. wireless data subscribers in 2013 will reach the same level of
broadband wired household usage in 2008 [215]. The mobile Internet is
catching up quickly, thanks to the development of the Internet of Things and
the flexibility of wireless communications. 4.3.1 Wired Networks
Wired networks for IoT can be categorized as short-range field bus–based access networks, mostly for
SCADA applications, and IP-based networks, for M2M and SCADA applications.
The IP-based networks are widely used and their protocol stack is well known, as shown in Figure 4.5,
together with telephony SS7 and cable TV DOCSIS (data-over-cable service interface specification)
protocols, the triple (Internet, telephony, and cable TV) networks convergence plan candidates. SS7
(Signaling System 7) is a critical component of modern telecommunications systems (PSTN, xDSL, GPRS,
etc.). Every call in every network is dependent on SS7. Likewise, every mobile phone user is dependent on
SS7 to allow inter-network roaming. SS7, a form of packet switching, is also the “glue” that sticks together
circuit-switched (traditional) networks with Internet protocol–based networks.
Chapter 4
The DNA of IoT
4.1 DCM: Device, Connect, and Manage
The first issue that the Internet of Things (IoT) ecosystem needs to address is the long and fragmented
value chain that characterizes the industry. This results in numerous supplier–buyer interfaces, adding costs
and time to the launch of any new product offering.
Just like the blind men and the elephant story and people’s understanding of the four pillars or the six
pillars mentioned before, the IoT is still different things to different people, even though introduced more
than a decade ago. However, there is one thing most people agree with: IoT (or machine-to-machine,
M2M; wireless sensor networks, WSN; supervisory control and data acquisition, SCADA; radio-frequency
identification, RFID; etc.) systems all have three layers. Figure 4.1 is an example IoT application of an
intelligent nuclear power plant IoT system [63] of Datang Telcom in China. More examples of the three-
layer architecture of IoT can be found at European Telecommunications Standards Institute (ETSI)’s
website [212].
Figure 4.1
Examples of three-layer architecture of IoT.
The author has proposed the concept and acronym DCM (device, connect, and manage [74]) as a
corporate stretegy or slogan for TongFang Co. Ltd. The board of the company announced financing of 500
million Chinese renminbi (RMB) (or US$78.5 million) for the development of the IoT/DCM business in
2005. Numerex created a better acronym called DNATM (devices, networks, and applications) [213] in 2008
(Figure 4.2).
Figure 4.2

DCM (DNA) of IoT.

The three-layer DCM classification is more about the IoT value chain than its system architecture at
runtime. For system architecture, some (e.g., one of Numerex’s and IBM’s reports) have divided the IoT
system into as many as nine layers, from bottom to top: devices, connectivity, data collection,
communication, device management, data rules, administration, applications, and integration.
While large companies such as IBM, Oracle, Microsoft, and others have comprehensive solutions,
products, and services that cover almost the entire value chain, startups or smaller players in the IoT sector
should focus on providing products or services in no more than two components or areas in the value chain.
The following sections discuss the three DCM components.

4.2 Device: Things That Talk

According to the IoT definitions and descriptions in the previous chapters, devices or assets can be
categorized as two groups: those that have inherent intelligence such as electric meters or heating,
ventilation, and air-conditioning (HVAC) controllers, and those that are inert and must be enabled to
become smart devices (e.g., RFID tagged) such as furniture or animals that can be electronically tracked
and monitored—things that “talk.”
Just as Paul Saffo [214], a technological forecaster and strategist, described in an interview in 2002:
This is the Cambrian explosion of communications. We are seeing a radical species divergence of different
kinds of devices and different types of things that want to talk, from your washing machine having an
Internet connection and being able to scream for help if it is broken, to your car having a wireless
connection for data telemetry back to the manufacturer. Today, voice communications is way below 1% of
the total communications traffic on this planet. That’s why people are giving voice away for free. So that
means that we’re going to see a whole zoo of new kinds of devices that have to talk. It’s going to become a
world of smartifacts, or intelligent objects. This stuff is so cheap, we’re putting chips in everything,
anything with a chip inside can be connected into the Internet of Things.
Devices that perform an input function are commonly called sensors because they “sense” a physical
change in some characteristic that changes in response to some excitation, for example, heat or force, and
convert that into an electrical signal. Devices that perform an output function are generally called actuators
and are used to control some external device, for example, movement. Both sensors and actuators are
collectively known as transducers because they are used to convert energy of one kind into energy of
another kind. For example, a microphone (input device) converts sound waves into electrical signals for the
amplifier to amplify, and a loudspeaker (output device) converts the electrical signals back into sound
waves.
A sensor (also called a detector) is a device that responds to a physical stimulus, measures the physical
stimulus quantity, and converts it into a signal, usually electrical, which can be read by an observer or by
an instrument.
Based on this definition, a sensor is basically an electrical device. It could be an M2M terminal, an RFID
reader, or a SCADA meter. Sensors are particularly useful for making in-situ measurements (things that
talk) such as in industrial process control or medical applications. A sensor can be very small and itself can
be a trackable device; however, when a train or an aircraft is instrumented with a small sensor, the entire
aircraft becomes one trackable device.
The sensor itself, if not connected, is not part of the IoT or WSN value chain. This is like a central
processing unit (CPU), which is not part of the web or social networking services, even though they are
somwhat related. Some sensors do not generate electrical signals; for example, a mercury-in-glass
thermometer converts the measured temperature into expansion and contraction of a liquid, which can be
read on a calibrated glass tube. However, it’s important to understand the types and shapes of the
ubiquitous sensors if you are into IoT, just as an architect should know what concrete and cement are as
well as their differences. Figure 4.3 showcases a few sample sensors.
Figure 4.3
Examples of sensors.
 Some of the existing sensors and their types are listed in Table 4.1. The size of the overall sensor market
is difficult to estimate. A number of research reports on the market size of different sensor sectors are
on http://www.sensorsportal.com. For example, the global automotive sensor market, including silicon-
based sensors, grew by 9.7 percent in 2006 to $10.1 billion and is forecast by Strategy Analytics to reach
$17.1 billion by 2013 as vehicle systems such as powertrain control, safety, and convenience features
become more advanced and require more sensors. IC Insights estimates that the wireless sensors and
transmitters market will surpass $1.8 billion by 2012. The CMOS image sensor market alone is projected
to be $8.3 billion by 2014.
Table 4.1
List of Sensors and Types

Sensor Type
Sensors (Examples)
(Examples)

Sensor Type
Sensors (Examples)
(Examples)

Acoustic, sound,
Geophone, hydrophone, lace sensor, microphone, seismometer
vibration

Air-fuel ratio meter, crank sensor, curb feeler, defect detector,

engine coolant temperature (ECT) sensor, all effect sensor, MAP
(manifold absolute pressure) sensor, mass flow sensor or mass
airflow (MAF) sensor, oxygen sensor, parking sensors, radar
Automotive,
gun, speedometer, speed sensor, throttle position sensor, tire-
transportation
pressure monitoring sensor, transmission fluid temperature
sensor, turbine speed sensor (TSS) or input speed sensor (ISS),
ariable reluctance sensor, vehicle speed sensor (VSS), water
sensor or water-in-fuel sensor, wheel speed sensor

Breathalyzer, carbon dioxide sensor, carbon monoxide detector,

catalytic bead sensor, chemical field-effect transistor,
electrochemical gas sensor, electronic nose, electrolyte–
insulator–semiconductor sensor, hydrocarbon dewpoint analyzer,
hydrogen sensor, hydrogen sulfide sensor, infrared point sensor,
Chemical
ion-selective electrode, nondispersive infrared sensor,
microwave chemistry sensor, nitrogen oxide sensor,
olfactometer, optode, oxygen sensor, pellistor, pH glass
electrode, potentiometric sensor, redox electrode, smoke
detector, zinc oxide nanorod sensor

Ammeter, current sensor, galvanometer, hall effect sensor, hall

Electric current, probe, leaf electroscope, magnetic anomaly detector,
electric potential, magnetometer, metal detector, multimeter, ohmmeter, radio
magnetic, radio direction finder, telescope, voltmeter, voltage detector, watt-hour
meter
Sensor Type
Sensors (Examples)
(Examples)

Actinometer, bedwetting alarm, dew warning, fish counter, gas

Environment, detector, hook gauge evaporimeter, hygrometer, leaf sensor,
weather, moisture, pyranometer, pyrgeometer, psychrometer, rain gauge, rain
humidity sensor, seismometers, snow gauge, soil moisture sensor, stream
gauge, tide gauge

Air flow meter, anemometer, flow sensor, gas meter, mass flow
Flow, fluid velocity
sensor, water meter

Bhangmeter, hydrometer, force gauge, level sensor, load cell,

Force, density, level magnetic level gauge, nuclear density gauge, piezoelectric
sensor, strain gauge, torque sensor, viscometer

Bubble chamber, cloud chamber, geiger counter, neutron

Ionizing radiation,
detection, particle detector, scintillation counter, scintillator, wire
subatomic particles
chamber

Air speed indicator, altimeter, attitude indicator, depth gauge,

Navigation fluxgate compass, gyroscope, inertial reference unit, magnetic
instruments compass, MHD sensor, ring laser gyroscope, turn coordinator,
variometer, vibrating structure gyroscope, yaw rate sensor

Charge-coupled device, colorimeter, contact image sensor,

electro-optical sensor, flame detector, infra-red sensor, kinetic
inductance detector, LED as light sensor, Nichols radiometer,
fiber-optic sensor, photodetector, photodiode, photomultiplier
Optical, light,
tubes, phototransistor, photoelectric sensor, photoionization
imaging, photon
detector, photomultiplier, photoresistor, photoswitch, phototube,
scintillometer, Shack–Hartmann, single-photon avalanche diode,
superconducting nanowire single-photon detector, transition edge
sensor, visible light photon counter, wavefront sensor

Accelerometer, auxanometer, capacitive displacement sensor,

free fall sensor, gravimeter, inclinometer, laser rangefinder,
Position, angle,
linear encoder, linear variable differential transformer (LVDT),
displacement,
liquid capacitive inclinometers, odometer, piezoelectric
distance, speed,
accelerometer, position sensor, rotary encoder, rotary variable
acceleration
differential transformer, selsyn, sudden motion sensor, tilt
sensor, tachometer, ultrasonic thickness gauge

Pressure Barograph, barometer, boost gauge, bourdon gauge, hot filament

ionization gauge, ionization gauge, McLeod gauge, oscillating
U-tube, permanent downhole gauge, Pirani gauge, pressure
Sensor Type
Sensors (Examples)
(Examples)

sensor, pressure gauge, tactile sensor, time pressure gauge

Alarm sensor, Doppler radar, motion detector, occupancy sensor,

Proximity, presence proximity sensor, passive infrared sensor, reed switch, stud
finder, triangulation sensor, touch switch, wired glove

Active pixel sensor, biochip, biosensor, capacitance probe,

catadioptric sensor, carbon paste electrode, displacement
receiver, electromechanical film, electro-optical sensor, Fabry–
Pérot interferometer, image sensor, inductive sensor, intelligent
sensor, lab-on-a-chip, leaf sensor, machine vision, micro-sensor
Sensor technology
arrays, photoelasticity, RADAR, ground-penetrating radar,
synthetic aperture radar, sensor array, sensor grid, sensor node,
soft sensor, SONAR, underwater acoustic positioning system,
staring array, transducer, ultrasonic sensor, video sensor, visual
sensor network, Wheatstone bridge

Bolometer, bimetallic strip, calorimeter, exhaust gas temperature

gauge, gardon gauge, golay cell, heat flux sensor, infrared
Thermal, heat, thermometer, microbolometer, microwave radiometer, net
temperature radiometer, quartz thermometer, resistance temperature detector,
resistance thermometer, silicon bandgap temperature sensor,
temperature gauge, thermistor, thermocouple, thermometer

Analog image processing, digital holography, frame grabbers,

intensity sensors and their properties, atomic force microscopy,
compressive sensing, hyperspectral sensors, millimeter wave
scanner, magnetic resonance imaging, diffusion tensor imaging,
Other sensors and functional magnetic resonance imaging, optical coherence
sensor related tomography, positron emission tomography, quantization (signal
techniques processing), range imaging, Moire deflectometry, phase
unwrapping techniques, time-of-flight camera, structured-light 3-
D scanner, omnidirectional camera, catadioptric sensor, single-
photon emission computed tomography (SPECT), transcranial
magnetic stimulation (TMS)

Microelectromechanical systems (MEMS) is the technology of very small mechanical devices driven by
electricity. It merges at the nanoscale into nanoelectromechanical systems (NEMS) and nanotechnology.
MEMS are also referred to as micromachines in Japan, or microsystems technology in Europe. MEMS can
be a sensor or actuator, or a transducer.
Energy harvesting (also known as power harvesting or energy scavenging) is the process by which
energy is derived from external sources (e.g., solar power, thermal energy, wind energy, salinity gradients,
and kinetic energy), captured, and stored for small wireless autonomous devices, like those used in
wearable electronics and WSNs. Energy-harvesting devices or sensors have a very long historical
connection to the water wheel, windmills, and waste heat. Before batteries (Volta, 1799) and the dynamo
(Faraday, 1831), those energy-harvesting devices were the only ways to get any useful power. The
following are options for energy harvesting:
 RF, used for RFID tag energy broadcasting and harvesting
 Solar, a well-known clean energy
 Thermoelectric, used in watches
 Vibrations, used in (kinetic) watches
 Human input, home utility (piezoelectric) switches
Today, there is an accelerated interest in the information and communications technology (ICT)
community for powering ubiquitously deployed sensor networks, mobile electronics, electric vehicles, and
so on. Many things become possible as this technolgy improves.

4.3 Connect: Via Pervasive Networks

The communications layer is the foundational infrastructure of IoT. There are two major communication
technologies: wireless and wired (or wireline). Each category has broadband and narrowband, packet and
circuit switched, as well as short-range and long-range communications. The penetration and traffic of U.S.
wireless data subscribers in 2013 will reach the same level of broadband wired household usage in 2008
[215]. The mobile Internet is catching up quickly, thanks to the development of the Internet of Things and
the flexibility of wireless communications.
Today’s communications environment is a complex mix of wired and wireless networks employing
circuit-switched (CS) and packet-switched (PS) technology. Developments are taking place in all four
sectors and there is competition between different stakeholders, fixed mobile convergence (FMC) being an
obvious example. We therefore have a communications environment that is complex [64]. We need a next-
generation network (NGN), which has more than the ability to transition between circuit- and packet-
switched networks. The general idea behind the NGN is that one network transports all information and
services (voice, data, and all sorts of media such as video) by encapsulating these into packets, similar to
those used on the Internet. NGNs are commonly built around Internet protocol, and therefore the term all-
IP is also sometimes used to describe the transformation toward NGN. For example, the 3GPP long-term
evolution (LTE) is a standard for wireless communication of high-speed data. It is based upon GSM/EDGE
and UMTS/HSPA network technologies. One of the most important features of LTE is that it will be an all-
IP flat network architecture including end-to-end QoS, provisions for low-latency communications.
With the growing abundance of embedded IoT systems comes the increased pressure at the edge of the
network: multiple access methods must be accommodated, implying the need for a common underlying
converged core IP/MPLS (multi-protocol label switching) network. A high-level graphic view of next-
generation all-IP networking is described by Emmerson [64]. The connectivity domain enables broadband
access, both wired and wireless. It also includes the transport and aggregation network. This part of the all-
IP network supports various access technologies using copper lines, optical fiber, and air as transmission
media.
The Chinese government has been actively pushing for the convergence of the country’s three big
networks—the Internet, telecom networks, and TV broadcasting networks—via various measures, most
notably through the Triple Network Convergence Plan (Figure 4.4) it laid out early in 2010.
Figure 4.4
Triple network convergence.
While the Triple Network Convergence Plan reiterates many government policies set out previously, one
area that is expected to have significant effects on the market is the government’s step to grant permission
for TV broadcasting firms and telecom carriers to enter and do business in each other’s realms. Local
scholars estimate that triple network convergence will induce investment and consumption to 700 billion
RMB (about US$103 billion), leading to widespread concern over the policy’s effect on the development
of related industries and various parties.
The fusion of the three networks is expected to start from business- or policy-level convergence, to
application-level convergence, and finally to technological-level convergence, when the all-IP NGN vision
is implemented. At that time, many good things will happen; for example, ubiquitous M2M devices can be
used as cell phones, so no SIM card will be required for making a phone call.
There is no doubt that if all-IP is a reality, it will give the Internet of Things a huge lift and make the IoT
dream come true much easier and faster. As an example, in the building automation industry, all-IP
networking will simplify the integration work enormously, without having to deal with various field bus
network protocols, OLE for process control (OPC) middleware, and so on.
Internet Protocol version 6 (IPv6) is a version of the Internet protocol that is designed to succeed Internet
Protocol version 4 (IPv4). The Internet operates by transferring data in small packets that are independently
routed across networks as specified by the Internet protocol. Since 1981, IPv4 has been the publicly used
IP, and it is currently the foundation for most Internet communications. The Internet’s growth has created a
need for more addresses than IPv4 has (32 bits). IPv6 allows for vastly more numerical addresses (128
bits), but switching from IPv4 to IPv6 may be a difficult process [216].
 The Internet world is getting ready for the big change from IPv4 to IPv6. After the change, everything,
every duct on the planet, could have a fixed IP address, which would have an enormously huge impact on
the Internet of Things on all aspects.
However, as a side note, countries such as the United States are not eager to make the change from IPv4
to IPv6 compared with countries such as China and India, because more IPv4 addresses were allocated to
the United States and Europe. It’s rumored that a university such as Massachusetts Institute of Technology
received more IPv4 address allocation than the entire country of China or India. That’s why countries such
as China have developed other protocols such as IPv9 in an effort to get more IP addresses [65].
When talking about IoT, wireless communications is the topic most of the times, because three (M2M,
RFID, and WSN) of the four IoT pillars are based on wireless. However, most of the systems in industrial
automation, building automation, and so forth are built using SCADA technology on wired short-range
field bus and long-range TCP/IP networks. The development of the Internet of Things, for the time being,
should cover both wired and wireless networks, just as Axeda, the device relation management software
product and service provider, did in its product and service portfolio before or after the all-IP convergence
and IPv6.

4.3.1 Wired Networks

Wired networks for IoT can be categorized as short-range field bus–based access networks, mostly for
SCADA applications, and IP-based networks, for M2M and SCADA applications.
The IP-based networks are widely used and their protocol stack is well known, as shown in Figure 4.5,
together with telephony SS7 and cable TV DOCSIS (data-over-cable service interface specification)
protocols, the triple (Internet, telephony, and cable TV) networks convergence plan candidates. SS7
(Signaling System 7) is a critical component of modern telecommunications systems (PSTN, xDSL, GPRS,
etc.). Every call in every network is dependent on SS7. Likewise, every mobile phone user is dependent on
SS7 to allow inter-network roaming. SS7, a form of packet switching, is also the “glue” that sticks together
circuit-switched (traditional) networks with Internet protocol–based networks.
Figure 4.5
Protocol stacks of the “three networks.”
DOCSIS is an international standard that permits the addition of high-speed data transfer to an existing
cable TV system. It is employed by many cable television operators to provide Internet access over their
existing HFC (hybrid fiber-coaxial) infrastructure.
A complex automated industrial system, such as a manufacturing assembly line, usually needs an
organized hierarchy of controller systems to function. In this hierarchy [217,218], there is usually a
SCADA/HMI (Human–Machine Interface) at the top, where an operator can monitor or operate the system.
This is typically linked to a middle layer of programmable logic controllers (PLC) via a non-time-critical
communications system (e.g., Ethernet). At the bottom of the control chain is the field bus (could run on
top of a different power line communications network too) that links the PLCs to the IoT device
components that actually do the work, such as sensors, actuators, electric motors, console lights, switches,
valves, and contactors.
 More details on field bus and its relevance to IoT are described here because this information is currently
often neglected in most of the materials about IoT. Field bus is the name of a family of industrial computer
network protocols used for real-time distributed control, now standardized as IEC 61158. The IEC 61158
standard includes eight different protocol sets called types:
 Type 1 Foundation field bus H1
 Type 2 ControlNet
 Type 3 PROFIBUS
 Type 4 P-Net
 Type 5 FOUNDATION field bus HSE (high-speed Ethernet)
 Type 6 SwiftNet (a protocol developed for Boeing, since withdrawn)
 Type 7 WorldFIP
 Type 8 Interbus
There is a wide variety of concurring standards. Table 4.2 provides a comprehensive list of wired field
bus standards or protocols used with SCADA systems for industrial automation.
Table 4.2
List of Field Bus Standards

Protocol Group Protocols/Field Buses

Protocol Group Protocols/Field Buses

DLMS/IEC 62056

ANSI C12.18

IEC 61107
Automatic meter
reading
Modbus

M-Bus

U-SNAP [191]

Local Interconnect Network (LIN)—a very low cost in-vehicle

sub-network

Controller Area Network (CAN)—an inexpensive low-speed

serial bus for interconnecting automotive components
Automobile/vehicle
J1939 and ISO11783—an adaptation of CAN for agricultural
and commercial vehicles

FlexRay—a general purpose high-speed protocol with safety-

critical features
Protocol Group Protocols/Field Buses

Media Oriented Systems Transport (MOST)—a high-speed

multimedia interface

Keyword Protocol 2000 (KWP2000)—a protocol for

automotive diagnostic devices

Vehicle Area Network (VAN)

DC-BUS—automotive power-line communication multiplexed

network

IDB-1394

SMARTwireX

J1708—RS-485 based SAE specification used in commercial

vehicles, agriculture, and heavy equipment

Wire—from Dallas/Maxim
Building, home
automation
BACnet—designed by committee ASHRAE

S-Bus

C-Bus

CC-Link Industrial Networks, supported by Mitsubishi Electric

DALI

DSI

Dynet

HomePlug—power line home networking

HomePNA—phone line home networking

Protocol Group Protocols/Field Buses

ITU-T G.hn—a way to create a high-speed (up to 1 Gbit/s)

LAN using existing home wiring (power lines, phone lines, and
coaxial cables)

Konnex (KNX)—previously AHB/EIB

LonTalk—protocol for LonWorks by Echelon Corporation

Modbus RTU or ASCII or TCP

oBIX—OASIS Standard

xAP—Open protocol

MTConnect

OPC

OPC UA
Industrial control
system
AS-Interface (Actuator Sensor Interface)—an industrial
networking solution used in PLC, DCS, and PC-based systems

SafetyBUS p—a standard for safe field bus communication

within factory automation. It meets SIL level SIL 3 according to
IEC 61508 and safety category Cat. 4 of EN 954-1

IEC 61850

IEC 60870-5

DNP3—Distributed Network Protocol

Power system
automation Modbus

Profibus

IEC 62351—security for IEC 60870, 61850, DNP3, and ICCP

protocols
Protocol Group Protocols/Field Buses

DF-1

FOUNDATION field bus—H1 & HSE

Profibus—by PROFIBUS International

PROFINET IO

CC-Link Industrial Networks, supported by the CLPA

CIP (Common Industrial Protocol)—can be treated as

application layer common to DeviceNet, CompoNet,
ControlNet and EtherNet/IP
Process automation

Controller Area Network—utilized in many network

implementations, including CANopen and DeviceNet

ControlNet—an implementation of CIP, by Allen-Bradley

DeviceNet—an implementation of CIP, by Allen-Bradley

DirectNet—Koyo/Automation Direct proprietary, yet

documented PLC interface

EtherNet/IP—IP stands for Industrial Protocol. An

implementation of CIP, by Rockwell Automation

Ethernet Powerlink—an open protocol managed by the Ethernet

POWERLINK Standardization Group (EPSG)

EtherCAT

Interbus, Phoenix Contact’s protocol for communication over

serial links, now part of PROFINET IO

HART

Modbus RTU or ASCII or TCP

Protocol Group Protocols/Field Buses

Modbus Plus

Modbus PEMEX

Ethernet Global Data (EGD)—GE Fanuc PLCs (see also SRTP)

FINS, Omron’s protocol for communication over several

networks, including Ethernet

HostLink Protocol, Omron’s protocol for communication over

serial links

MECHATROLINK—open protocol developed by Yaskawa

MelsecNet, supported by Mitsubishi Electric

Optomux—Serial (RS-422/485) network protocol originally

developed by Opto 22 in 1982

Honeywell SDS (Smart Distributed System)—originally

developed by Honeywell; currently supported by Holjeron

SERCOS interface—Open Protocol for hard real-time control of

motion and I/O

SERCOS III—Ethernet-based version of SERCOS real-time

interface standard

GE SRTP—GE Fanuc PLCs

Sinec H1—Siemens

SynqNet—Danaher

TTEthernet—TTTech

PieP—Open Fieldbus Protocol

BSAP—Bristol Standard Asynchronous Protocol, developed by

Protocol Group Protocols/Field Buses

Bristol Babcock Inc

The graphic (the CIP family of field bus protocols) in [219, first page] compares some of the field buses
against the OSI model. In the past, automation field bus protocols have tended to be application specific,
making them very efficient at what they do but limiting the roles for which they can be used, and making
interoperability between the protocols used in different application areas difficult to achieve. The Common
Industrial Protocol (CIP) forms the basis for a family of related technologies and has numerous benefits for
both device manufacturers and the users of industrial automation systems. The first of the CIP-based
technologies, DeviceNet, emerged in 1994 and is an implementation of CIP over CAN, which provides the
data link layer for DeviceNet.

4.3.2 Wireless Networks

Just like the wired networks, wireless networks for IoT can be categorized as follows:
 Short-range (including near field communication [NFC], usually narrowband, and wireless PAN,
LAN, and MAN) mesh networks, RFID, WiFi, WiMax, and so on;
 Long-range (via cellular networks, wireless WAN, pseudo-long-range) GSM, CDMA, WCDMA, and
other networks, as well as satellite communication.
Short-range wireless mesh networks are the fundamental communication techniques of WSN and RFID.
Long-range cellular networks are the foundation networks for M2M

4.4 Manage: To Create New Business Value

The previously described first two stages of the DCM model show the processes and venues of how the
information is captured from various types of devices and how this information is aggregated via various
gateways and transported across access networks and the core backbone to the central servers. The
machine-generated information comes in large volumes much bigger and faster than information generated
by humans; however, much of the data are of low value or even noises, which must be filtered out by
middleware at the edge as described before in the RFID sections. And then those preprocessed data are
transformed into high-value information via a cognitive application platform, most of the times a high-
performance cloud computing (or high-throughput computing) platform.
In the current customer-driven, technology-based environment, it is no longer enough to offer a service
or product and expect it to satisfy your customers. Even if you have the best customer service in the
industry, you have to be able to extend out your offerings to meet current demand to keep the customers
satisfied. The Internet of Things brings enormous possibilities and potentials for creating new business
value and generating new revenue ecosystems with data processing and managing rules that combine
intelligence from remote assets unreachable before with your intelligent enterprise systems.
With IoT, more and more areas of the real world become part of the ICT world, as shown
in http://consen.org/node/9 from the IoSS (Internet Architecture for Optimization Sensing Systems) project
in Europe. Disruptive applications beyond current imagination will appear. Smart grid, connected car, fleet
control, mobile surveillance, and remote monitoring are listed as the top five disruptive applications out of
a total of 65 identified, according to reports from the Boston Consulting Group. All of the top five are IoT
applications. For example, with the wide use of telematics, things like total vehicle life cycle management,
refined used car price estimate, Pay as You Drive insurance policy, neighbor-to-neighbor car-sharing
business such as those provided by startup RelayRides become possible, and the list goes on and on.
Let’s take a look again at the typical capabilities of an M2M platform and how they support the business
of a mobile operator or an M2M enabler/partner. With those functions and roles (as shown
in http://machine2twomachine.files.wordpress.com/2011/08/fig-16.jpg [265]), both the mobile operator
and the M2M partner can attain additional revenue by offering advanced services to their M2M partners
(Figure 4.7). For example, the M2M platform and the fleet management system the author’s team built for
China Mobile utilize its existing Operation Support System/Business Support System (OSS/BSS) for SIM
card issuing, billing, and other services, and China Mobile collects the revenue from the customers and
shares it with us. China Unicom has also built and operates a telematics service support platform on top of
their OSS/BSS, aiming to provide foundation services to a variety of TSPs (telematics service providers).
M2M applications that can be linked inside the network to people’s existing mobile subscriptions offer
mobile operators enormous advantages in the competitive M2M marketplace. Using smartphones as
connected portable navigation devices is such an example of potentially great market growth opportunity.
The application stores’ model of Apple and Google Android has turned smartphones into M2M terminals.
One example is the application from Portman Electronics Ltd.’s IES iPhone M2M Tracking System. It is a
real time GPS/GSM/GPRS tracking service. Another example of nonoperator vendor is SeeControl, who
empowers you to use sensors, GPS trackers, barcode scanners, RFID, and smart web forms to collect asset
data from anywhere and manage business processes.
THE TOOLKIT APPROACH FOR END-USER PARTICIPATION IN IOT:

PHASE 1: EPLORATION:
The first phase of the toolkit is "exploration". This phase begins with the iteration "understand", and
forms the basis for understanding the context, problem, and users. Followed by the second iteration
"discover" that is characterized by immersion in the situation, empathizing with the users and observing
them, leading to discoveries of new ideas and insights. Having reached a level of understanding,
combined with discoveries of ideas and insights, the third iteration "define" consists of framing these
insights into well- defined opportunities and needs, pain points and positive experiences of the users.
The entire process is iterative, and all these different processes
overlap and repeat throughout, and that is especially true for the "think" iteration. Here this toolkit
provides you with concrete ideation techniques and brainstorming tools which are helpful throughout the
entire journey. Finally, in the "conceptualize" iteration all the insights are gathered and ideas are
examined, combined, visualized and framed into a complete concept.

PHASE 2: EXPERIMENTATION:
Having formed a concept in the previous phase, it's now time to put it to the test. First, the "plan &
engage" activities are considered important at the beginning of experimentation, to ensure sustainable
end-user involvement. With careful planning the piloting or experimentation activities can be carried out
in an engaging manner, keeping the stakeholders involved and informed throughout the process. The
following "prototype" iteration consists of building and creating a prototype. Prototypes can take on
many forms, from tangible MVPs (Minimum Viable Products) to intangible service or experience design
prototypes, but the main goal of the
prototype is always the same: to "test" it in the third iteration. The purpose of building a prototype is to
find answers, discover new insights and ideas, and to filter and measure the assumptions made.
Therefore, these two iterations are often repeated numerous times, bringing you back to the first phase of
exploration for new insights, ideas and concepts – by debunking your assumptions or validating insights.
Once a well-defined, tested and validated prototype has come out from the many iterations throughout
the processes, the process of "pre-launch" has to do with analyzing, validating, distilling and
orchestrating the upcoming launch of the prototype. The "develop" iteration continues to develop, deploy
and generate the prototype into a product or service.

PHASE 3: EVALUATION:
Many of the toolkits available across the various sources have focused on the previous two phases, but
 the third phase of evaluation is equally important. Beginning with the first iteration "launch", the final
prototypes, products and services are realized and delivered. Very similarly, the second iteration
"implement" refers to delivering to the stakeholders, but further so, focuses on the process of fully
implementing the product/service and explaining
its importance and impact for the context. The third iteration "Identify" finally identifies the outcome of
the process and ensures the ongoing sustainability of the product/service in the future. LSPs looking for
tools that serve in answering to their current needs can use the filters below to display the specific tools
relating to each of the tracks: 1. use cases, 2. co-creation, 3. prototyping & testing, 4. user research. A
selection can also be made according to the skill level, effort needed and overall level of difficulty in
using the tool: beginner, intermediate, advanced.
IOT MIDDLEWARE:
Internet of Things middleware is software that serves as an interface between components of the IoT,
making communication possible among elements that would not otherwise be capable.
Middleware connects different, often complex and already existing programs that were not
originally designed to be connected. The essence of the Internet of Things is making it possible for just
about anything (any Thing) to be connected and to communicate data over a network. Middleware is part
of the architecture enabling connectivity for huge numbers of diverse Things by providing a connectivity
layer for sensors and also for the application layers that provide services that ensure effective
communications among software.
MuleSoft, Oracle, RedHat and WSO2 are among the companies that offer IoT middleware. These
products provide API management as well as basic messaging, routing and message transformation.
More comprehensive IoT platforms include middleware along with sensors and networking components.

What is middleware?
Middleware is software that serves as an interface between components of the IoT, making communication
possible among elements that would not otherwise be capable. Often described as “software glue,”
middleware makes it easier for software developers to implement communication and input/output so that
they can shift their focus to the specific purpose of their application.
Examples of middleware:
1. OpenIot
2. Middlewhere
3. FiWare
Middleware enables connection between complex programs that were not initially designed to be
connected, which makes it an integral part of the supporting architecture. There are many reasons why
middleware is needed to connect autonomous devices:

1. Device discovery and management.

Devices must announce their presence and the services that they provide before connecting. In this case,
middleware takes the form of APIs, listing the devices, their capabilities, and services.
2. Big Data and analytics
As IoT devices collect a large amount of data from their sensors and actuators, this data must be analyzed
in great detail. It is imperative to incorporate machine learning techniques into edge computing. Edge IT
processing systems offer computation and data processing at the edge of the network where IoT connects
the physical world to the cloud. A fundamental part of it is the seamless and robust integration between IoT
and cloud; between the physical world and the world of computation.
 

3. Security
IoT devices have a strong integration into our personal lives. As the sales of smartwatches, smart pillows,
and voice commanded shower controls accelerate, security and privacy issues should also be addressed.
The middleware supporting IoT should have certain security controls, including user authentication and
access control management.
 

4. Cloud services
As the cloud is an integral part of IoT deployment, it is imperative for IoT middleware to have the potential
to run on various types of clouds.
IoT devices are reshaping how future services are going to be defined. Instead of reinventing the wheel,
enterprises must take a look at pre-built middleware that provides a connection between autonomous
devices. 
 
https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.1071.5409&rep=rep1&type=pdf
IOT INFORMATION SECURITY:
The sheer volume of Internet of Things devices makes their security a high priority and is crucial for the
future wellbeing of the internet ecosystem.
For device users, this means abiding by basic security best practices, such as changing default
security passwords and blocking unnecessary remote access (e.g., when not required for a device’s
functionality). Vendors and device manufacturers, on the other hand, should take a broader approach and
invest heavily in securing IoT management tools. Steps that should be taken include:
● Proactively notifying users about devices running outdated software/OS versions.
● Enforcing smart password management (e.g., mandatory default password
changes). ● Disabling remote access to a device, unless it’s necessary for core
functions.
● Introducing a strict access control policy for APIs.
● Protecting C&C centers from compromise attempts and DDoS attacks.
Imperva cloud WAF helps IoT manufacturers protect their C&C centers by providing on-edge traffic
filtering services that ensure only authorized and authenticated client requests are allowed to reach their
APIs. Combining industry-leading WAF services and DDoS mitigation solutions, Imperva cloud WAF is
able to secure its users against all online threats and efficiently handle multi-versioning from different
devices. For added reliability, the service is also equipped with load balancing and failover features that
help operators handle organic traffic spikes, such as the kind that can occur upon the
release of a new firmware patch.
Definition
Internet of Things (IoT) security is the safeguards and protections for cloud-connected devices such as
home automation, SCADA machines, security cameras, and any other technology that connects directly to
the cloud. IoT technology is distinguished from mobile devices (e.g., smartphones and tablets) technology
based on its automatic cloud connectivity in gadgets. IoT security involves securing traditionally poorly
designed devices for data protection and cybersecurity. Recent data breaches have shown that IoT security
should be a priority for most manufacturers and developers.

How IoT Security Works

IoT devices are anything that connects to the cloud and collects data. It could be locks, garage door
openers, temperature monitors (e.g., Google Nest), refrigerators, security cameras, ovens, televisions, or
any other gadget that connects to the cloud. Many of the latest warehouse machinery connects to the cloud.
Notice that these devices are not considered mobile devices, which have a standard operating system and
their own cybersecurity standards. IoT devices use an operating system, usually Linux, but it’s a modified
version of the full software.
Because IoT devices work differently than standard mobile devices, they require their own set of
cybersecurity rules unique to the way they operate. They don’t have the advantage of inherent security
rules that come with a mobile device such as iOS and Android. When IoT first became popular, several
data breaches and disastrous attacks were launched against these devices. Even today, IoT security is still a
challenge for many developers and manufacturers.
IoT security involves protecting data as it transfers from the local device to the cloud. It also protects the
device itself from being compromised. Because users rarely change the default password for IoT devices,
malware named Mirai is a significant threat. Mirai targets IoT devices with the default password still active
and running Linux and makes it a part of a botnet. This botnet is then used to launch a distributed denial-
of-service (DDoS) against a target. Simply changing the default password and blocking Telnet services will
help stop Mirai’s brute-force attack on IoT devices.
Because IoT devices communicate with the cloud, security must also involve protecting transferred data
and the location where it’s stored. The cloud stores a myriad of data points that could be used in identity
theft or intrusion of the user’s privacy if an attacker can compromise the user’s account. Although many
website owners work with SSL/TLS on data transfers, IoT device manufacturers have been found to
transfer cloud-connected devices without encryption.
Authentication issues have also plagued IoT security. Most notably is missing authentication or broken
authentication found in children’s toys. Data breaches on children’s toys potentially give an attacker access
to a toy’s activity and the child’s personal information. Better authentication tools and protection from
brute-force password attacks stop attackers from obtaining this information.
There is no one way IoT security works, but it’s been a goal for cybersecurity professionals to educate
developers and manufacturers on the proper methods of coding with security and placing better protections
on cloud activity. IoT security includes encrypting data traveling in the cloud, better password controls,
and coding IoT actions that defend against attacker-controlled scanners and tools. With no accepted
standards, IoT security is in the hands of users who own the devices and the manufacturers and developers
who release them to the public.

Challenges with IoT Security

IoT manufacturers must take steps to better secure devices, but a lot of the challenges with IoT security
include user interaction and education. Users must change the default password when installing a device,
but many are unaware of the dangers or just prefer the convenience of using the default password. Users
must be educated to change the default password, but manufacturers can’t force them to change it or risk
losing business.
Another issue is the lack of updates. Even if a manufacturer has several updates to manage bugs and
vulnerabilities, users must install them. If users don’t update firmware, the device could be vulnerable to
several attacks for months. Users don’t typically search for updates consistently, so they also are unaware
that firmware updates exist.
Cybersecurity standards are defined for mobile devices, desktops, and web applications, but no standards
exist for IoT security. IoT security is the “wild wild west” of cybersecurity, and it’s left to developers to
code security into their applications properly. This has left a hole in cybersecurity protections on IoT
devices. Manufacturers have their own standards, but these standards are not sufficient to protect against
advanced attacks.
Most users and developers don’t see IoT devices as an attack target, so they often skip the best
cybersecurity practices while developing products. In addition to insecure coding, IoT manufacturers don’t
always have their devices penetration tested for vulnerabilities and exploits. With web and mobile devices,
it’s standard to offer bug bounties to hackers to find issues before attackers do and pay penetration testers
to find bugs before software is released.

Tools to Better Secure IoT Devices

Users and manufacturers can take several steps to better secure IoT. Most cybersecurity relies on user
actions, which is why cybersecurity is weak in the industry. User education can help alleviate many
problems related to IoT security, but manufacturers also have ways they can help stop attacks on user
accounts and devices.
Here are some ways IoT security can be used to stop attackers:
 Always change device passwords during setup. Never use passwords across multiple websites or devices, as
attackers will use a list of passwords to attempt to brute force device access. Strong passwords are also
necessary. Using “password” as the password will make it easy for attackers to brute force it using dictionary
attacks.
 If the IoT device has a smartphone app, be aware of the permissions the app asks for to proceed. Android
and iOS require apps to ask for permission to phone resources. For instance, if the app asks for contact
access, it’s likely the app will take a snapshot of your contacts. Deny access if it’s not necessary.
 Use a VPN to connect to the device when accessing it remotely. IoT devices often come with an app that can
be installed on a smartphone where users can access devices from the Internet. Transmission of data from the
device to the cloud may not be encrypted. By using a VPN, the data transferred will always be encrypted and
not vulnerable to man-in-the-middle attacks.
 Some IoT device apps want to connect with social media. The data could be shared with social media
platforms unknowingly. Restrict connecting to social media apps when it is not necessary.
 Block unnecessary ports on your network. Attackers use scanners to identify open ports, and if the Telnet
port is found open, it could lead to additional attacks using the Telnet protocol. If the devices provide the
option to block specific protocols, block the ones that will not be used, and are unnecessary.
 Regularly check the manufacturer site for updates. Firmware updates include patches for bugs and security
vulnerabilities. These updates should be installed as soon as possible because as soon as attackers are aware
of the vulnerabilities patched in the updates, they will design malware and exploits against them.

What are IoT devices?

We begin by defining the “things” in the internet of things, because the diversity in IoT
devices makes the IoT’s scope so broad and its security challenging. The main
characteristics of an IoT device is that they are able to connect to the internet and
interact with its environment through the collection and exchange of data. Devices
commonly have limited computing capacity and only a few specific functions. Because
devices are so diverse, there are countless ways IoT can be used and applied to
different environments.

For regular users, smart homes demonstrate just how accessible IoT devices are.
Users can update their home’s security system (through smart locks, IP cameras, and
motion sensors) or improve their entertainment system (through a smart TV, smart
speakers, and connected game consoles) by simply buying such devices. IoT devices
are also often portable and can be connected to any network. A typical example is
how users bring their devices from their homes to the office (e.g. smart watches and e-
readers).

While diversity can give users countless devices to choose from, it is one of the
reasons behind the fragmentation of the IoT and carries many of its security concerns.
The lack of industry foresight and standardization has given rise to compatibility issues
that also complicate the matter of security. The portability of devices presents a
greater possibility of threats poisoning more than one network. Compounding to these
concerns are other factors that IoT security must address.

What are the security issues in the IoT?

While IoT devices play a huge role in the discussion of IoT security, placing all the
focus on this aspect of the IoT does not provide a full picture of why security is
necessary and what it entails. There are many factors that make IoT security critical
today.

Threats and risks

IoT security is critical largely because of the expanded attack surface of threats that
have already been plaguing networks. Adding to these threats are insecure practices
among users and organizations who may not have the resources or the knowledge to
best protect their IoT ecosystems.

These security issues include the following:

 Vulnerabilities. Vulnerabilities are a large problem that constantly plague users

and organizations. One of the main reasons IoT devices are vulnerable is
because they lack the computational capacity for built-in security. Another reason
that vulnerabilities can be so pervasive is the limited budget for developing and
testing secure firmware, which is influenced by the price point of devices and
their very short development cycle. Vulnerable standard components also affect
millions of devices, as demonstrated by Ripple20 and URGENT/11. Aside from
the devices themselves, vulnerabilities in web applications and related software
 for IoT devices can lead to compromised systems. Malware operators are on the
lookout for such opportunities and are knowledgeable even about older
vulnerabilities.
 Malware. Despite the limited computing capacity of most IoT devices, they can
still be infected by malware. This is something cybercriminals have used to great
effect in the past few years. IoT botnet malware are among the most frequently
seen variants, as they are both versatile and profitable for cybercriminals. The
most notable attack was in 2016, when Mirai took down major websites and
services using an army of ordinary IoT devices. Other malware families
include cryptocurrency mining malware and ransomware.
 Escalated cyberattacks. Infected devices are often used for distributed-denial-
of-service (DDoS) attacks. Hijacked devices can also be used as an attack base
to infect more machines and mask malicious activity, or as an entry point for
lateral movement in a corporate network. While organizations may seem like the
more profitable targets, smart homes also see a surprising number of unforeseen
cyberattacks.
 Information theft and unknown exposure. As with anything dealing with the
internet, connected devices increase the chances of exposure online. Important
technical and even personal information can be unknowingly stored and targeted
in these devices.
 Device mismanagement and misconfiguration. Security oversights, poor
password hygiene, and overall device mismanagement can assist in the success
of these threats. Users may also simply lack the knowledge and the capability to
implement proper security measures, wherein service providers and
manufacturers may need to help their customers achieve better protection.

Emerging issues

The lack of industry foresight gave little time to develop strategies and defenses
against familiar threats in growing IoT ecosystems. Anticipating emerging issues is
one of the reasons research on IoT security must be done continuously. Here are
some of the emerging issues that need to be monitored:

 Complex environments. In 2020, most U.S. households had access to an

average of 10 connected devices. This research paper defined complex IoT
environments as an interconnected web of at least 10 IoT devices. Such an
environment is nearly impossible for people to oversee and control because of its
elaborate web of interconnected functions. An overlooked misconfiguration in
such a scenario can have dire consequences and even put the physical
household security at risk.
  Prevalence of remote work arrangements. The Covid-19 pandemic has
usurped many expectations for the year 2020. It brought about large-scale work-
from-home (WFH) arrangements for organizations around the globe and pushed
heavier reliance on home networks. IoT devices also proved useful for many
users’ WHF setups. These changes have highlighted the need to reexamine IoT
security practices.
 5G connectivity. The transition to 5G comes with much anticipation and
expectations. It is a development that will also enable other technologies to
evolve. At present, much of the research on 5G remains largely focused on how
it will affect enterprises and how they can implement it securely.

The possible consequences of IoT attacks

Aside from the threats themselves, their consequences in the context of the IoT can
be much more damaging to deal with. The IoT has the unique capability of affecting
both virtual and physical systems. Cyberattacks on IoT ecosystems could have far
more unpredictable effects because they translate more easily into physical
consequences. This is most prominent in the field of industrial internet of things (IIoT),
where past cyberattacks had already demonstrated cascading consequences. In the
healthcare industry, IoT devices are already being utilized to remotely monitor
patients’ vital signs and has proven very helpful during the pandemic. Attacks on such
devices can expose sensitive patient information or even endanger their health and
safety. In the smart home, exposed devices could allow cybercriminals to monitor the
household, compromise security devices like smart locks, and turn devices against
their owners, as was the case when a baby monitor and a smart thermostat were
hacked in separate attacks.

How to secure the IoT

There is no instant fix that can answer the security issues and threats laid out in this
article. Specific strategies and tools may be necessary for properly securing more
specialized systems and aspects of the IoT. However, users can apply a few best
practices to reduce risks and prevent threats:

 Assign an administrator of things. Having a person act as an administrator of

IoT devices and the network can help minimize security oversights and
exposures. They will be in charge of ensuring IoT device security, even at home.
The role is critical especially during this time of WFH setups, where IT experts
have limited control in securing home networks that now have a stronger
influence on work networks.
 Regularly check for patches and updates. Vulnerabilities are a major and
constant issue in the field of the IoT. This is because vulnerabilities can come
 from any layer of IoT devices. Even older vulnerabilities are still being used by
cybercriminals in order to infect devices, demonstrating just how long unpatched
devices can stay online.
 Use strong and unique passwords for all accounts. Strong passwords help
prevent many cyberattacks. Password managers can help users create unique
and strong passwords that users can store in the app or software itself.
 Prioritize Wi-Fi security.  Some of the ways users can do this include enabling
the router firewall, disabling WPS and enabling the WPA2 security protocol, and
using a strong password for Wi-Fi access. Ensuring secure router settings is also
a big part of this step.
 Monitor baseline network and device behavior. Cyberattacks can be difficult
to detect. Knowing the baseline behavior (speed, typical bandwidth, etc.) of
devices and the network can help users watch for deviations that hint at malware
infections.
 Apply network segmentation. Users can minimize the risk of IoT-related
attacks by creating an independent network for IoT devices and another for guest
connections. Network segmentation also helps prevent the spread of attacks, and
isolate possibly problematic devices that cannot be immediately taken offline.
 Secure the network and use it to strengthen security. IoT devices can place
networks at risk, but networks can also serve as levelled ground through which
users can implement security measures that cover all connected devices.
 Secure IoT-cloud convergence and apply cloud-based solutions. The IoT
and the cloud are becoming increasingly integrated. It is important to look at the
security implications of each technology to the other. Cloud-based solutions can
also be considered to deliver added security and processing capabilities to IoT
edge devices.
 Consider security solutions and tools. A large hurdle that users face in trying
to secure their IoT ecosystems is the limited capacity in which they can
implement these steps. Some device settings might have restricted access and
are difficult to configure. In such cases users can supplement their efforts by
considering security solutions that provide multi-layered protection and endpoint
encryption.
 Take into consideration the different protocols used by IoT devices. To
communicate, IoT devices use not only internet protocols, but also a huge set of
different networking protocols, from the well-known Bluetooth and Near Field
Communication (aka NFC), to the lesser-known nRF24, nRFxx, 443MHz,
LoRA, LoRaWAN and optical, infrared communication. Administrators must
understand the whole set of protocols used in their IoT systems in order to
reduce risks and prevent threats.
  Secure the heavy use of GPS. Some IoT devices and applications use GPS
heavily, which carries potential security concerns. Organizations, in particular,
need to be wary of cases where GPS signals can be jammed or even faked,
especially if they use positioning systems for manufacturing, monitoring, and
other functions. If these positioning systems are crucial to a company, means of
monitoring the GPS signal should then also exist in the company. Another option
would be for the company to use other positioning systems as well, such as Real-
Time Kinematic (RTK) or Differential GNSS (DGNSS or DGPS).

Aside from employing these security practices, users should also be aware of new
developments in the technology. IoT security has been given heavier consideration in
recent times. Research is continually being done on how to secure specific industries,
monitor IoT-related threats, and prepare for upcoming gamechangers such as 5G.
Users must understand that the IoT is an active and developing field, therefore its
security will always have to transform and adapt to its changes.