Introduction to IoT Data Communication

❑ What is IoT Communication?

❑ The process of transmitting data between IoT devices, sensors, and cloud platforms.
❑ Enables seamless interaction and automation in smart environments.
❑ Uses various communication protocols like MQTT, CoAP, HTTP, LoRaWAN, and Bluetooth.

❑ Key Components:
❑ Sensors and actuators
❑ Communication networks
❑ Cloud or edge computing
❑ Data processing and analytics

1
IoT Architecture

2
Data importance in IoT Ecosystems

❑ Enhancing Connectivity:
⮚ Facilitates real-time monitoring and decision-making.
❑ Efficiency and Automation
❑ Security and Scalability

3
IoT Architecture Main Stages Overview
❑ What is IoT Architecture?
⮚ A structured framework that defines how IoT devices communicate and process data.

4
IoT Architecture Main Stages Overview (Contd.)
❑ Stage 1: Sensors & Actuators
⮚ Sensors collect environmental data (e.g., temperature, humidity, motion).
⮚ Actuators respond based on processed data (e.g., motors, alarms, smart switches).
⮚ Examples: RFID, infrared sensors, cameras.

❑ Stage 2: Internet Gateway

⮚ Bridges sensor networks and the internet for data transmission.
⮚ Uses protocols like Wi-Fi, Bluetooth, Zigbee, LoRaWAN, and 5G.
⮚ Ensures secure and reliable data transfer to the next stage.

❑ Stage 3: Edge IT
⮚ Processes data near the source, reducing latency.
⮚ Uses edge computing devices like gateways and microcontrollers.
⮚ Filters and pre-processes data before sending to the cloud.

5
IoT Architecture Main Stages Overview (Contd.)
❑ Stage 4: Data Center & Cloud
⮚ Centralized storage and analysis of IoT data.
⮚ Supports AI-driven analytics, machine learning, and predictive insights.
⮚ Enables remote monitoring and control of IoT devices.

6
IoT Communication Protocols Overview

❑ What are IoT Communication Protocols?

⮚ Rules that define how IoT devices exchange data
efficiently and securely.
⮚ Categorized into Short-Range, Long-Range, and Data
communication Protocols.

❑ Why are they Important?

⮚ Ensure seamless data transfer between IoT
components.
⮚ Optimize power consumption, bandwidth, and
security.

7
Short-Range Communication Protocols

❑ Wi-Fi:
⮚ Range & Frequency: Up to 100m, operates in 2.4 GHz & 5 GHz bands.
⮚ Use Cases: High-speed connectivity for smart homes, industrial IoT, and multimedia streaming.
⮚ Pros: High data rate, widely available.
⮚ Cons: Limited range, high power consumption.

❑ Bluetooth:
⮚ Range & Frequency: Up to 100m (Class 1), operates in the 2.4 GHz band.
⮚ Use Cases: Short-range communication for wearables, sensors, and smart devices.
⮚ Variants: Bluetooth Classic (higher throughput), Bluetooth Low Energy (BLE) (optimized for low
power).
⮚ Pros: Energy-efficient (BLE), widely supported.
⮚ Cons: Limited range and data rate.

8
Short-Range Communication Protocols(Contd.)

❑ Zigbee:
⮚ Range & Frequency: Up to 100m, operates in the 2.4 GHz band.
⮚ Use Cases: Mesh networking for home automation, smart lighting, and industrial IoT.
⮚ Pros: Low power, supports large networks.
⮚ Cons: Lower data rate than Wi-Fi.

❑ Z-Wave:
⮚ Range & Frequency: Up to 100m, operates in sub-GHz bands (e.g., 908.42 MHz in the U.S.).
⮚ Use Cases: Smart home automation (security systems, lighting, HVAC control).
⮚ Pros: Low power, strong mesh networking.
⮚ Cons: Proprietary standard, fewer devices compared to Zigbee.

9
Long-Range Communication Protocols

❑ LPWAN (Low Power Wide Area Network)

⮚ Range & Frequency: 10-40 km, varies by technology and region.
⮚ Use Cases: Smart cities, agriculture, logistics, and remote monitoring.
⮚ Pros: Low power, long-range communication.
⮚ Cons: Limited data rates, high latency.

❑ LoRaWAN (Long Range Wide Area Network)

⮚ Range & Frequency: Up to 15 km, operates on unlicensed sub-GHz bands (e.g., 868 MHz in
Europe, 915 MHz in the U.S.).
⮚ Use Cases: IoT sensors, environmental monitoring, asset tracking.
⮚ Pros: Low power, long-range, bidirectional communication.
⮚ Cons: Lower data rate than cellular technologies.

10
Long-Range Communication Protocols (Contd.)

❑ NB-IoT (Narrowband IoT)

⮚ Range & Frequency: Several km, operates on licensed cellular bands (e.g., LTE bands).
⮚ Use Cases: Smart meters, asset tracking, industrial IoT, smart parking.
⮚ Pros: Optimized for deep indoor coverage, low power, secure.
⮚ Cons: Requires carrier support, slightly higher cost than LoRaWAN.

❑ Sigfox
⮚ Range & Frequency: Up to 50 km in rural areas, 10 km in urban areas; operates on sub-GHz ISM
bands (e.g., 868 MHz in Europe, 915 MHz in the U.S.).
⮚ Use Cases: Asset tracking, smart agriculture, environmental monitoring, logistics.
⮚ Pros: Ultra-low power, cost-effective, global network availability.
⮚ Cons: Limited data rate (few bytes per message), not ideal for real-time applications.

11
IoT Application Layer Protocols

❑ There are some Application protocols in IoT. The major

protocols that are used in IoT are-

1. Message Queue Telemetry Transport (MQTT)

2. HyperText Transfer Protocol (HTTP)
3. WebSocket
4. Constrained Application Protocol (CoAP)
5. Data Distribution Service (DDS)
6. Advanced Message Queue Protocol (AMQP)
7. Extensible Messaging and Presence Protocol
(XMPP)

12
MQTT

13
HTTP

14
WebSocket

15
COAP

16
DDS

17
AMQP

18
XMPP

19
Choosing the Right Protocol

❑ Factors to Consider:
⮚ Range: Short-range (Wi-Fi, Bluetooth) vs. long-range (LoRaWAN, NB-IoT).
⮚ Power Consumption: Low-power (Zigbee, LPWAN) vs. high-power (Wi-Fi).
⮚ Data Rate: High (Wi-Fi, HTTP) vs. low (LoRaWAN, CoAP).
⮚ Security: Stronger encryption (AMQP, HTTPS) for sensitive data.

❑ Combining multiple protocols can enhance performance and efficiency.

20
Challenges in IoT Data Communication
❑ Limited Bandwidth & Connectivity Issues
⮚ High data traffic from numerous IoT devices leads to network congestion.
⮚ Poor connectivity in remote or urban areas can severely limit performance.
❑ High Power Consumption
⮚ Continuous data transmission leads to rapid battery drainage.
⮚ Power-hungry IoT devices require energy-efficient solutions for longer operation.
❑ Scalability Issues
⮚ As IoT networks grow, managing and maintaining large-scale networks becomes complex.
⮚ Ensuring efficient communication across an increasing number of devices is a key challenge.
❑ Latency Problems
⮚ High latency can negatively affect real-time applications such as autonomous vehicles and
healthcare systems.
⮚ Reducing delay in data transmission is crucial for IoT systems requiring fast responses.

21
Case Study: Smart Grid Communication Failure
❑ Incident: In 2015, a smart grid system in the U.S. experienced a failure where IoT-enabled smart
meters stopped transmitting real-time energy data due to network congestion.

❑ Impact:
⮚ Customers were overcharged or undercharged due to incorrect readings.
⮚ Utility companies lost revenue due to billing errors.
⮚ Power distribution issues occurred because of delayed load balancing decisions.

❑ Root Cause: Overloaded IoT communication network, outdated protocol handling, and poor failover
mechanisms.

22
Analysis of Causes and Consequences
❑ Causes of Communication Failure
⮚ Network Overload: Too many IoT devices transmitting data simultaneously.
⮚ Lack of Data Prioritization: No differentiation between critical and non-critical data.
⮚ Unoptimized Communication Protocols: Use of HTTP instead of lightweight protocols like MQTT
or CoAP.
⮚ Weak Error Handling: No redundancy or fallback mechanisms.
❑ Consequences
⮚ Financial Loss: Incorrect billing led to revenue loss and legal disputes.
⮚ Consumer Trust Issues: Customers lost trust in smart metering reliability.
⮚ Operational Downtime: Manual intervention required to correct errors, delaying energy
distribution decisions.

23
Possible Solutions
❑ Adopt Scalable Network Architectures
⮚ Implement edge computing to process data locally before sending it to the cloud.
⮚ Use LoRaWAN or 5G to handle large-scale IoT deployments.
❑ Use Efficient Communication Protocols
⮚ Switch from HTTP to MQTT or CoAP, which are designed for IoT.
⮚ Implement data compression techniques to reduce payload size.
❑ Implement Redundancy & Failover Mechanisms
⮚ Use multi-path routing to avoid single points of failure.
⮚ Deploy backup cloud servers for automatic failover.
❑ Prioritize & Optimize Data Transmission
⮚ Categorize data (e.g., critical vs. non-critical) and allocate bandwidth accordingly.
⮚ Use adaptive data rate (ADR) algorithms to optimize network traffic.

24
CEP Problems
❑ A university research team is developing a Smart Agriculture Monitoring System to help farmers
remotely monitor soil conditions, temperature, and humidity. The system consists of multiple
sensors deployed across a large agricultural field, a central gateway that collects sensor data, and a
cloud-based server for data storage and processing. Additionally, farmers should receive real-time
alerts on their mobile applications if soil moisture levels drop too low. What messaging protocol
(e.g., MQTT, CoAP, AMQP, XMPP) should the research team use for transmitting sensor data to the
cloud and delivering real-time alerts to farmers?

❑ A hospital is developing a Smart Healthcare Monitoring System to track patient vitals in real time
using wearable sensors. The system transmits data to a nursing station for immediate monitoring,
uploads it to the cloud for remote analysis, and triggers emergency alerts if critical conditions arise,
ensuring rapid medical response. Which messaging protocol (e.g., MQTT, CoAP, AMQP, XMPP)
should be used to ensure reliable and low-latency communication between medical sensors, hospital
servers, and cloud systems?

25
What are IoT Security?
❑ An IoT attack is a cyberattack that targets Internet of Things systems, which include physical
devices, vehicles, buildings, and other objects embedded with software that enables them to
collect or exchange data. As IoT grows, the number of cyber threats increase.

❑ Confidentiality, Integrity, and Availability (CIA) form a triad that fulfills the basic security needs. For
security and privacy of the IoT devices, should satisfy the CIA triad. These all three components are
important for the better security of the devices. So, these security doctrines apply as a whole to the
IoT same as they apply on the Internet.

26
CIA

27
CIA (Contd.)
❑ Confidentiality: Confidentiality ensures that access must be granted to the authorized user to the
information and data reports. The access is subject to the extent of the need for access.
❑ Integrity: The Integrity is determined and ensured when the data is well secured and protected. The
encrypted data only be modified by the authentic user during the process, transmission and storage.
❑ Availability: Availability of the data play an important role. Information security and authentication
are very vital for data security. But, the availability of the data at the required time is a must. It is
useless if the data is not available on time or in an emergency or critical situation.

28
CIA (Contd.)
❑ For security and privacy of the IoT devices, it should satisfy the CIA triad. Components of the CIA
triad are confidentiality, integrity, and availability. These all three components are important for
the better security of the devices.

❑ It poses a significant impact to any individual or institution or organization involved in any CIA triad
basic requirements is missed. As a definition for impacts provided by the NIST (the National
Institute for Standards and Technology) suggesting High, Moderate, and Low potential impacts due
to the loss of CIA.

29
NIST Framework

30
IoT Security

31
Types of IoT attacks

❑ These devices can be vulnerable to hijacking due to weak IoT security measures, outdated
firmware, and poor system design. Here are some of the most common types of IoT attacks:

1. Device spoofing: A type of attack where a malicious device manipulates an authentic device’s IP
address, MAC address, or other identifying information and pretends to be a legitimate one.
2. Man-in-the-middle (MitM) attacks: The concept of a MitM attack involves a hacker
intercepting communication between two systems. The attacker impersonates the original
sender to trick the other party into thinking they’re receiving a legitimate message. MitM is
usually carried out to extract sensitive information and disrupt services.
3. Distributed denial of service (DDoS) attacks. DDoS attacks on IoT devices overload the network
by flooding it with constant traffic, such as fake requests. This way, an attacker overwhelms the
system, crashes it, and causes a denial of service to legitimate users.

32
Types of IoT attacks

4. Eavesdropping. Threat actors perform eavesdropping, also known as sniffing or spying, to

intercept and listen to or monitor the communication between IoT devices.
5. Malware attacks. Cybercriminals install malicious software on IoT devices to gain unauthorized
access to sensitive data, control the device, or spy on network activity or conversations.
6. Zero-day attacks. During a zero-day attack, a hacker exploits unpatched vulnerabilities in the
software of IoT devices previously unknown to cybersecurity engineers. Such attacks are
dangerous because there’s no available fix during an attack.
7. Password cracking. Hackers use different methods, like brute force attacks, to decrypt system
passwords and gain access to IoT devices. The weaker the default passwords and password
practices, the easier it is for attackers to hijack IoT systems.
8. Firmware manipulation. In this type of attack, a cybercriminal modifies the firmware of an IoT
device to alter its functionality and further perform malicious actions.

33
How IoT devices are attacked
❑ Most IoT devices offer immense convenience and efficiency for our daily lives and routine tasks,
whether at home or work. Aside from your laptop, smartphone, or tablet, which are relatively well
secured, other devices like smart TVs or wearables to track your steps are more often exposed to
cybersecurity threats, so it's important to consider the IoT network security. The following are the
most common reasons why your IoT devices may become a sweet catch for hackers:
1. Weak passwords: One of the fundamental reasons IoT devices are a prime target for threat
actors is default or easy-to-guess passwords that allow them entry into the device with little
effort.
2. Unsecured cloud storage: Lack of protection in cloud storage may allow hackers to manipulate
or steal your confidential data easily.
3. Unpatched software: Because outdated IoT software or firmware contain known
vulnerabilities, it provides threat actors a loophole to exploit weaknesses.
4. Insecure network connections: Public or unsecured Wi-Fi networks increase the risk of devices
being attacked and ease hackers’ process of gaining control over them.

34
How IoT devices are attacked
5. Lack of encryption: Anyone who intercepts your unencrypted traffic can read it. This applies to
any traffic you choose to leave outside the secure VPN tunnel — exposing sensitive information
is a major split tunneling security risk.
6. Physical tampering: Physical access to an IoT device may allow attackers to extract sensitive
data, install malicious firmware, and compromise the security of your IoT devices.

35
How to protect IoT systems and devices
❑ Enterprises can use the following tools and technologies to improve their data protection protocols
and security posture:

1. Introduce IoT security during the design phase: The IoT security risks and issues discussed,
most can be overcome with better preparation, particularly during the research and
development process at the start of any consumer- enterprise- or industrial-based IoT (IIoT)
device development. Enabling security by default is critical, along with providing the most
recent operating systems and using secure hardware.
2. PKI and digital certificates: PKI can secure client-server connections between multiple
networked devices. Using a two-key asymmetric cryptosystem, PKI can facilitate the encryption
and decryption of private messages and interactions using digital certificates. These systems
help to protect the clear text information input by users into websites to complete private
transactions. E-commerce wouldn't be able to operate without the security of PKI.

36
How to protect IoT systems and devices (Contd.)
3. Network security: Networks provide a huge opportunity for threat actors to remotely control
IoT devices. Because networks involve both digital and physical components, on-premises IoT
security should address both types of access points. Protecting an IoT network includes
ensuring port security, disabling port forwarding and never opening ports when not needed;
using antimalware, firewalls, intrusion detection systems and intrusion prevention systems;
blocking unauthorized IP addresses; and ensuring systems are patched and up to date.

3. API security: APIs are the backbone of most sophisticated websites. They enable travel
agencies, for example, to aggregate flight information from multiple airlines into one location.
Unfortunately, hackers can compromise these channels of communication, making API security
necessary for protecting the integrity of data being sent from IoT devices to back-end systems
and ensuring only authorized devices, developers and apps communicate with APIs.

37
How to protect IoT systems and devices (Contd.)
5. Network access control (NAC): NAC can help identify and inventory IoT devices connecting to a
network. This provides a baseline for tracking and monitoring devices.
6. Segmentation: IoT devices that need to connect directly to the internet should be segmented
into their own networks and have restricted access to the enterprise network. Network
segments should monitor for anomalous activity, taking action if an issue is detected.
7. Security gateways: Acting as an intermediary between IoT devices and the network, security
gateways have more processing power, memory and capabilities than the IoT devices
themselves, which lets them add features such as firewalls to ensure hackers can't gain access
to the IoT devices they connect.
8. Patch management and continuous software updates: It's critical to provide a way to update
devices and software either over network connections or through automation. Having a
coordinated disclosure of vulnerabilities is also important for updating devices as soon as
possible. Consider end-of-life strategies as well.

38
How to protect IoT systems and devices (Contd.)
9. Training: IoT and operational system security are new to many existing security teams. Security
staff must keep up to date with new or unknown systems, learn new architectures and
programming languages, and be ready for new security challenges. Cybersecurity teams should
receive regular cybersecurity training to keep up with modern threats and security measures.
10. Team integration: Along with training, integrating disparate and regularly siloed teams can be
useful. For example, having programming developers work with security specialists can help
ensure the proper controls are added to devices during the development phase.
11. Consumer education: Consumers must be made aware of the dangers of IoT systems and
provided steps to stay secure, such as updating default credentials and applying software
updates. Consumers can also play a role in requiring device manufacturers to create secure
devices and refusing to use those that don't meet high-security standards.

39
How to protect IoT systems and devices (Contd.)
12. Enforcement and automation of zero-trust policies: The zero-trust model dictates that all users
whether inside or outside the organization's network must be verified, authorized and
continually evaluated for security configuration and posture before being given access to
applications and data. Automating zero-trust policies and enforcing them across the board can
help mitigate security threats against IoT devices.
13. Multifactor authentication (MFA): MFA adds an extra layer of security by requiring more than
one form of identification when requesting access to a device or network. By enforcing MFA
policies, both enterprises and home users can improve the security of IoT devices.
14. Machine learning (ML): ML technology can be used to secure IoT devices by automating the
management and scanning of devices throughout the entire network. Since every device
connected to the network is scanned, it stops assaults automatically before IT teams are
alerted. That's what happened in 2018 when Microsoft Windows Defender software stopped a
Trojan malware attack in 30 minutes.

40
Case Study: Major IoT Security Breach – Mirai Botnet Attack

❑ What Happened?
⮚ In 2016, the Mirai botnet infected hundreds of thousands of IoT devices (CCTV cameras, routers,
DVRs).
⮚ The botnet launched a massive Distributed Denial of Service (DDoS) attack, bringing down major
websites like Twitter, Netflix, Reddit, and GitHub.
⮚ Attackers exploited default usernames and passwords on IoT devices to take control of them.
❑ Key Facts:
⮚ The attack targeted Dyn, a major DNS provider, causing global internet disruptions.
⮚ Devices were turned into "zombie" bots to flood servers with malicious traffic.
⮚ One of the largest DDoS attacks in history, peaking at 1.2 terabits per second.

41
Case Study: Major IoT Security Breach – Mirai Botnet Attack

❑ Scanning & Infection

⮚ Mirai scanned the internet for vulnerable IoT devices with default credentials.
⮚ Once a device was infected, it reported back to the command-and-control (C2) server.
❑ Botnet Formation
⮚ The infected IoT devices were hijacked and turned into bots.
⮚ These bots were then used to send massive traffic to target servers.
❑ DDoS Attack Execution
⮚ The botnet launched DDoS attacks against major services, overloading servers and causing
widespread internet outages.
❑ Impact Analysis
⮚ Global Internet Disruptions – Major platforms went offline.
⮚ Business Losses – Companies like Twitter, Amazon, and PayPal suffered downtime.
⮚ Security Crisis – Exposed the weak security of IoT devices, leading to regulatory discussions.

42
Case Study: Major IoT Security Breach – Mirai Botnet Attack
❑ How to Protect IoT Devices from Similar Attacks
⮚ Strong Authentication & Password Policies
⮚ Change default usernames & passwords on IoT devices.
⮚ Implement Multi-Factor Authentication (MFA) for device access.
❑ Network Segmentation & Traffic Filtering
⮚ Isolate IoT devices on separate networks from critical systems.
⮚ Use firewalls & Intrusion Detection Systems (IDS) to detect abnormal traffic.
❑ Automatic Firmware Updates & Patching
⮚ Ensure IoT devices receive regular security updates to fix vulnerabilities.
⮚ Disable remote access & unused services to reduce attack vectors.
❑ DDoS Mitigation Strategies
⮚ Implement rate limiting & traffic filtering on network infrastructure.
⮚ Use cloud-based DDoS protection services to absorb attacks.

43
CEP Problems
❑ A manufacturing company’s Industrial IoT (IIoT) system controls robotic arms, conveyor belts, and
sensors for real-time automation. Recently, operators noticed unauthorized robotic movements and
production delays. Investigation revealed a possible cyberattack, where an attacker intercepted
communication between IIoT devices and the control system, potentially disrupting operations. Identify
a possible attack that could have compromised the IIoT system. What security mechanisms can be
applied to secure communication, authenticate devices, and detect anomalies in the IIoT
environment?

❑ A family’s Smart Home Automation System controls locks, cameras, lights, and temperature via a
mobile app. Recently, they noticed unauthorized lock activity and camera disruptions. Investigation
revealed a cyberattack compromising the system’s security. Identify a potential attack that could have
compromised the smart home system. How does this attack affect the Confidentiality, Integrity, and
Availability (CIA) of the system? What security measures can be implemented to detect, prevent, and
mitigate this type of attack in an IoT-based smart home environment?

44