Importance Of IoT Security And Safeguarding Against Cyber Threats

Write about the Safegurading Internet Of Things (Iot): Key To Greater Success For IOT.

Defining IoT and its Growth

The internet of thing is the new technology evolved for the future network for the development of mar things. The deployment of IoT in the business organization opens the new door for the opportunities. The IoT is growing at the rapid rate. “The IoT is defined as the creation of internetworking between physical resources and devices” (Saif, 205). The devices which are used in the internet of thing platform are having feature of sensors, actuators, software, and network connectivity. The IoT is defined by global standard as the technique which is capable of managing interoperations between network resources and devices. “The deployment of the internet of things is depends on the integration of objects related to physical world and virtual world embedded in the communication network platform” (Radhakrishnan, 2016). The sensing and controlling are the key features of the IoT for the management of accessing of devices remotely on the network infrastructure. It is the platform of maintaining interconnection between physical world and computer world for increasing the performance of the devices and objects associated with the network. The IoT is compatible for providing efficiency, efficacy, availability of data, integrity, controlling, economic benefit, and others. It works on reducing the human intervention in carrying out the tasks. The operations are designed to work automatically without involving any human connection. The physical infrastructure utilizes the concept of sensors and actuators for the development and maintenance of smart grid, smart cities, smart offices, intelligent transportation system, development of virtual power plants, and others. The internet infrastructure uses numerous protocols, domains and application for the implementation of internet of things platform. The interconnection between the embedded devise and resources can be managed by the association of smart objects in the environment. The computer, people, devices, resources, machine are integrated together into a single platform for the transfer of information and data between various units for carrying out the activities efficiently without making use of humans. There are three major modules of the IoT are 3D internet, internet of context, and next generation network. “The implementation of IoT depends on the IoT devices which are radio frequency identification tracking system, Bluetooth sensor, wearable system with internet connectivity, smartphones integration, and embedded system depends on low power consumption” (Bruch, 2016). The critical area of IoT technologies is the security of the components. It is the prerequisite to maintain the confidentiality, integrity, privacy, and authenticity of data for managing system level security for IoT solutions.  The IoT reference model depends on the concept of cloud server side architecture which si used for keeping eye on the functionality of the different resources used in the deployment of the system. The resources, devices, services, operations, functions, and processes can be maintained and monitored through the medium of cloud server side architecture reference model. The development of digital strategies makes use of IoT platform to bring revolution in the field of technological development. The business and governance model is used for developing a new picture for the enterprise. The benefits of using IoT in the working curriculum helps in increasing the productivity and services, reduces the cost associated with the deployment of the project, and setting standards and policies to develop better technology from the competitors. The cost incurred on the project can be reduced by effectively using the resources, maintaining the availability of resources, overcoming the problem of resource availability, implementation of better decision making capability, and reduction in the down time of the application. In this paper, we will look forward for safeguarding solution required in the IoT environment.

Key Features and Benefits of IoT

It has been seen that with the growth of technology, storage, power, and battery capacity is also goes on increasing. The efforts are tremendously going to reduce the cost of managing the resources on the network. The IoT is the new concept which supports the paradigm of accessing any data from anywhere and at any time according to the user requirement. It is the new feature which extends the capability of the existing information and communication system. The IoT technology is based on the smart objects. “The smart objects are defined as the objects which are having physical characteristics, ability to give response to the incoming signals, have some computing capabilities, and physical phenomenon of sensing” (Ahmed, 2012). The key barriers which are seen in adopting the IoT infrastructure are categorised as the standards of interoperability is not well maintained, security concern for communication between the devices, uncertain occurrence of ROI, lack of legacy equipment, immaturity in technology for large scale enterprise, privacy of data, not efficient skilled workers, and impact on environment. The building blocks of IoT are the wireless sensor network and radio wave frequency identification. The implementation of IoT suffers from three limitations such as management of heterogeneous devices, use of sensor nodes, and the dimensions of the object. RFID is responsible for maintaining communication between different devices. The Ambient intelligence is one of the most important IoT services because it is responsible for carrying out activities of sensing, actuation, and computing. “The ambient technologies are used for developing sensitive and responsive control measures for controlling the devices on the network” (Choudhary, 2014). The ambient technologies are the amalgamation of context aware programs and adaptive personalised system. It is used for developing intelligent system for managing profile system, human centric applications, and development of pervasive computing. The user can intelligently design their application according to the requirement specification plan. Ubiquitous computing and ambient intelligence together work for developing loosely coupled system because if the device got failure or get under the control of hacker than it can be easily removed from the system so as to maintain communication flow between other participating devices. The critical area of IoT technologies is the security of the components. It is the prerequisite to maintain the confidentiality, integrity, privacy, and authenticity of data for managing system level security for IoT solutions. There are three major concern areas in the IoT infrastructure is to maintain confidentiality, privacy, and trust. In the IoT scenario, the data confidentiality is the basic issue. The safeguarding mechanisms are required to protect the asset and pool of data. The authorization is the fundamental technique used in the traditional working to restrict the access of data from the unauthorised users. The authentication process is based on mechanism used for access control and the process employed for object authentication. There are two limiting factors which are responsible for exploiting the confidentiality of the data. The first concern is the generation of big data. It is difficult to maintain the scalability of the big data. The second concern is the controlling mechanism used for accessing the data from the network. The data leakages arise due to the flaws in the accessing methods. The role based access control is the standard approach which is used for accessing data in the conventional IoT infrastructure. In this user take the permission to act as a particular role for accessing information. he role based access controls should be developed for limiting the access of information. The limited user can access the resources, policies, devices, application, and components to complete their allocated tasks. It helps in minimizing the entrance of the intruder. Privacy of data is the second major concern of IoT environment. Privacy means data should be kept secured from leakage to different source. The domain of the IoT application is based on the fundamental concept of privacy. Wireless communication technologies play a key role in ensuring the privacy of personnel data. The privacy of the data can be violated with the use of ubiquitous computing for exchanging data between the network device and resources. The intelligent network depends on the effective utilization of the centralized and distributed objects. “The interactive standards should be used for managing behavioural changes equipped in the devices over the network” (Choudhary, 2014). The remote access capabilities can increased the risks of violating the information. There are number of frameworks designed for maintaining the privacy of data which are named as Tropos, Kaos, PRIS, and NFR. PRIS is the most commonly used framework for preserving privacy of data. It provides the layer of abstraction to the objects and processes used in the IoT applications. The key challenges in preserving the privacy of data are defining the model for preserving the privacy of IoT application, innovative techniques for scaling the heterogeneity characteristics, maintaining the balance between the solution and the application. The third concern area is the Trust. It is difficult to trust on the method used for securing the privacy and confidentiality of the data in IoT environment. The security policies and credentials should be used for identifying the best safeguarding method for the IoT scenario. The following figure shows the key security challenges which are faced by IoT solutions and applications:

Modules of IoT

From the research and analysis, the key concern areas of security in IoT environment are insecurity related with web interface, inefficiency in authorization and authentication methods, insecurity in the services provided by the network, lack of encryption methodologies, concern of privacy of data, insecurity in developing cloud interface, insecurity in developing mobile interface, insecurity in configuration technology, insecurity in software used, and poor security of infrastructure.

The backbone of every business activity is to securely complete the task without any external intervention. The devices connected to the network have a greater chance of attack. The level of get increased with the level of increasing the complexity of the network. The Iot Security is the major problem domain for every enterprise. In this paper we will focus on delivering the security solution which can be effective in the IoT environment.

• Research objective: The aim of this paper is to analyse safeguarding solution in internet of things environment. The research work should be in the direction of collecting information related to the IoT environment to analyse the need of security system in IoT environment. The deployment of the internet of things is depends on the integration of objects related to physical world and virtual world embedded in the communication network platform. It is required to have a clear idea about physical and virtual world.
• Research Philosophy: The research philosophy is based on the construction of well specified research questions, methodology, and research objectives. The research questions should be capable of collecting data which can be used for analysing the need of the safeguarding system and what are the possible safeguarding solutions.
• Research approach: The research work utilizes two types of research approaches which are named as inductive and deductive. The deductive approach is used for developing the strategy to analyse the data collected on IoT by using the evidence of literature review. The inductive approach is used to collect data by arranging physical interview with the high professional to know the real fact of the IoT technology.
• Data collection methods: The quantitative and qualitative are the two methods which are used for collecting data on the research proposal of IoT. The qualitative methodology depends on organizing the semi-structured interview for collecting data. The integral part of this methodology is to develop the list of research question on IoT. The analysis of the reliable data helps in analysing the current situation of the security system in IoT and the improvement required in the future network. The success of the research depends on the data collected through the construction of well-defined and designed research questions. The questionnaire can be arranged for getting review and opinion on IoT of different experts at a time. The research methodology helps in generating new security methods for IoT in the future.
• Limitation of Data collection methodology: The inaccuracy and unstructured format of the research question can lead to generate wrong research data which adversely affect the report. The standard should be followed for developing the research questions.

Particulars	Descriptions
1. Interconnection between the devices and resources	The IoT policies and standards are used for developing interconnection between the devices. The flow of communication can be continued without any breakdown on the global platform of devices and resources.
2. Services related to IoT	There are some constraints which are associated with the IoT. The consistency should be maintained with managing privacy and protection between various and physical objects which are integrated together.
3. Heterogeneity	The easy compatibility of heterogeneous hardware and software devices on the platform of internet of things. The embedded devices on the network maintain connection with smart objects.
4. Dynamic changes	The dynamic changes in the location, speed, and state of devices helps in predicting the availability of the resource on the network. The dynamic changes of the numerous devices can be managed efficiently on the IoT platform.
5. Enormous scale	The communication between the resources on the network can be managed according to the application requirement. It can be increased or decreased. It helps in overcoming the problem of communication breakdown between the interactive devices.
6. Scalability	The scalability issues of the traditional infrastructure can be resolved by using the concept of IoT. The different issues which are associated with the network as naming and addressing issue of the resulting system, high level interconnection between data communication and networking entities, Information and knowledge management on the digital platform, and management of service provisioning.
7. Ubiqutious data exchange	Wireless communication technologies are used for enabling workload between the smart objects. It is capable of maintaining spectrum availability, adoption of dynamic radio system, and others. Ubiquitous computing and ambient intelligence together work for developing loosely coupled system because if the device got failure or get under the control of hacker than it can be easily removed from the system so as to maintain communication flow between other participating devices.
8. Solutions based on energy optimization	IoT equipment helps in developing constant flow of communication between the participating units which helps in optimising the utilization of the resources.
9. Capabilities of localization and tracking capabilities	The wireless communication entities should be capable of tracking the location of the devices so that it is easy to maintain continuous flow of information.
10. Self-organization capabilities	The complexity of the IoT platform is increased due to the distributed intelligence system and management of smart objects. It is capable of minimizing human intervention. The Adhoc network is capable of sharing of information. The coordination can be developed between various tasks by managing the flow of information.
11. Operating system	The peculiarities of the operating system should be clearly defined in the requirement specification plan. The computational services are responsible for developing successful software components.

The IoT application is the configuration of IoT reference model by using the concept of cloud server architecture, identification of the devices and resources, use of network technology for maintaining connection between the devices, use of algorithms and software for developing interconnection, processing based on data signals, hardware and software technology, dependability, security standards and policies, privacy, and integrity. There are some constraints which are associated with the IoT. The consistency should be maintained with managing privacy and protection between various and physical objects which are integrated together. The strategic changes can be bought by the amalgamation of different constituting units innovation, stakeholders, development, and creations. The growth of the internet of things depends on the evolution which comes in the field of technology with the rapid growth of cloud computing, social networking, automatic computing, cyber security system, and others. The IoT is capable of providing on-demand information for increasing the speed of the application. The devices are connected with the network. The next generation computing power can be increased by using the terminology of measuring organization value, process operations, and activities analysis. There are various issues in the traditional working system of the internet for managing device such as chain management system for devices, transaction tracking system, value chain transformation system, and many more. The internet of things is capable of providing solution and resolving issues of the chain management system for devices, transaction tracking system, value chain transformation system, and many more. It is the best solution for knowing the current location of the devices and assets, inventory level reduction, reducing the chance of fraud, and reducing the chance of damage to intellectual property, and others. The IoT is capable of using the historical data for managing  the reading of the sensor machine. The IoT is capable of managing the asset pool for the effective utilization of functions related to providing high quality service to the customers, material and rsource availability, and reducing the cost of working capital. The graph below shows the strategy developed by the organization in the deployment of IoT.

• Security: The major concern of any network is the area of security. Every application looks forward for developing some safeguarding system to secure the transmission of information between different units.  The process which are used for increasing the security of the application are using the booting process, application whitelisting, development of access controls and authentication protocols, deployment of firewall, making use of intrusion prevention and detection system, and others.
• Point to point integration of devices: The IoT services helps in overcoming the problem of communication between the interconnected devices. The actuators and sensors are used for generalise the flow of data. The devices can be efficiently managed on the networking platform. The gateways of cloud architectures are used for managing and integrated devices.
• Lifecycle management of devices: The factors which are responsible for managing the life cycle of the operating devices are designing of IoT in the initial stage of the internet, changes required in the configuration of the network, debugging of services in the customization of devices, reducing the malfunctioning of correlating devices.
• Use of intelligence driving system: The aggregation of data depends on the edge devices which are implemented on the cloud platform. The analysis of the big data can be managed by deploying the controlling strategies. The routing of the data can be possible by the aggregation of data.

Building Blocks of IoT

The evolution of the IoT depends on the following factors:

• The volatile objects do not make effective utilization of identifiers and numbering spaces on the global platform.
• The cloud server side reference model is efficiently used in the development of application which give birth to IoT architecture to develop application at much faster rate and with compatibility.
• There are some constraints which are associated with the IoT. The consistency should be maintained with managing privacy and protection between various and physical objects which are integrated together.
• Use of sensor technology with the existing hardware and software components gives the new direction to the application.
• The increases complexity in the technological world raises the concern of security issues associated with the application. The IoT is developed to provide safeguarding to the application.
• The potential and the capability of the internet of things helps in increasing the sale, service, and productivity of the organization.
• The integration of devices helps in managing availability of resources in the complex working structure and helps in maintaining the flow of work without any breakdown.

Technologies	Explanation
Integration of services	The integrated system of devices and resources are used for developing the IoT application efficiently
Integration of software	The analytical engines are used for managing information required by the vendors through the medium of application and middleware. The point to point solutions are used managing the integration of software to provide efficient and effective services
Hardware	The growth of the internet of things depends on the evolution which comes in the field of technology with the rapid growth of cloud computing, social networking, automatic computing, cyber security system, and others. RFID sensor, GPS chips and external devices are the prerequisites for the implementation of the IoT. The implementation of IoT depends on the IoT devices which are radio frequency identification tracking system, Bluetooth sensor, wearable system with internet connectivity, smartphones integration, and embedded system depends on low power consumption.
Network Management	The accessing on the network depends on the information transportation and satellite management. The IoT solution helps in managing the wireless connectivity between various integrating devices.
Analytical solutions	The hardware and software used in the IoT environment should be capable of managing business intelligence concepts. The functions and operations which are related to the analytical solutions are pattern recognition system, data mining tasks, predictive analysis of the tasks, configuration of video and audio image, and development strategies for artificial intelligence. The action are managed according to the pattern used to determining the integration of the resources and devices
RFID readers	Radio waves are used for identifying the items and devices over the network. The Radio frequency identification is used for tracking the location of the devices on the internet for creating effective links between them. The RFID reader is used to analyse the areas of inventory management system, customer relationship management, supplier chain management system, automatic roll out system, and maintenance and monitoring system.
Sensor devices and Network	There are incompatibility between the physical and virtual world The sensor devices and network is the best solution to fill the gap between them for effective utilization of resources. The location of the devices can be predicted by using the sensor technology. The combination of sensor technology and radio lights is used for predicting the location of the devices on the internet. The internet connection is required for accessing the sensor devices.
Microcontrollers	The microchips which are embedded within the devices for controlling the activities of the devices are called as Micro-controllers. The intelligence distributed processing system is used for controlling the managing decision for the effective utilization of resources and devices.
Protocols	There are various protocols which are implemented for managing interconnection between resources and devices such as HTTP, HTTP-API, Link layer security protocol, HTTPS, and others. The standard protocols are used for developing and maintaining links between the devices. Some of the commonly used protocols are HTTP, Zigbee, wireless hart, and ISA.
Biometrics	The deployment of the biometrics helps in providing security to the devices available on the network from hacking. It also helps in distinguishing the inanimate objects. There are various biometrics techniques available such as fingerprinting, voice recognition system, voice recognition system, iris recognition system, and others.
Vision of the machine	RFID readers are used for transmitting information on different virtual machines for the availability of data. Controllers and sensor are used for developing vision of the machine.  Wireless communication technologies play a key role in ensuring the privacy of personnel data. The privacy of the data can be violated with the use of ubiquitous computing for exchanging data between the network device and resources.
Use of actuators	The detection of incoming signals and providing instant responses can be managed by using the actuators. The illumination can be provided by using the mechanical switches.
Technologies used for predicting location of the devices	The location of the devices can be predicted by using the sensor technology. The combination of sensor technology and radio lights is used for predicting the location of the devices on the internet.
Use of ambient technologies	The ambient technologies are used for developing sensitive and responsive control measures for controlling the devices on the network. The ambient technologies are the amalgamation of context aware programs and adaptive personalised system. It is used for developing intelligent system for managing profile system, human centric applications, development of pervasive computing.

The IoT is the newer concept of managing resources on the internet. The internet of thing is capable of managing relationship with supply chain management system, loss of assets can be prevented, the business delivery process can be enhanced, optimizing the response in the supply chain, effective management of costs, forecasting the accuracy of the object, maintaining relationship with suppliers, employers, customers, partners, and other associated members. It focuses on improving the safety and security measures within the regulation of compliance and governance. It provides the facility of risks management by keeping the system proactive before the occurrence of risks. It is capable of improving the revenues generated by the organization and action required for data driven mechanism. The benefits of IoT can be represented in the graph below:  

The table below shows the changes required in the traditional network for the implementation of IoT. It also looks upon the benefits which are associated with IoT:

Changes	Benefit
The management of traffic in the real time environment	Improving the experience of the customers in using the application based on IoT
The monitoring of the equipment can be remotely done	The key steps should be taken to improve the capability of the resources and employees.
On-demand fluctuation results in generating quick response	It is capable of improving the agility and flexibility of the application
The traditional supply chain management system should be replaced by intelligent supply chain management system.	The intelligent supply chain management system is capable of managing the accurate stock availability without the condition of underflow and overflow.
New program for tracking the resources on the real time environment	It works on reducing the working capital
The infrastructure is capable of promoting changes	Cost saving and environmental benefits
The traditional components should be changed with the smart components	The reduction in consuming the resources
Making use of innovative services	Cot saving structure
Smart grids can be deployed	Responsive and reliable system.
The hardware and software used in the IoT environment should be capable of managing business intelligence concepts.	Availability of resources can be improved.
Wired connectivity should be replaced by wireless connectivity using satellite connection	The IoT solution helps in managing the wireless connectivity between various integrating devices.

Reference Architecture for IoT:

The internet of things architecture is based on the cloud server side reference model. The generic and specific requirement are the prerequisite for the development of IoT architecture. The generic requirement is the collection of inherent connection which should be maintained between the resources available on the internet. The firewall can be successfully implemented for putting restriction on the entry of the malware and viruses which can exploit the functionality and operational capability of the entire system. The specific requirement is the collection of connectivity program, communication flow, collection of data and analysis, management of the devices and resources, management of scalability program, and setting security standards. There are various protocols which are implemented for managing interconnection between resources and devices such as HTTP, HTTP-API, Link layer security protocol, HTTPS, and others. The desirable requirements can be categorised as removing the devices from the internet if the devices get under the control of hackers, the software should be periodically updated automatically, security measures and standards used for updating the entire program for compatibility, analysis, storing, and management of confidential information and other related data. The IoT development is based on the layered architecture which is represented below is the figure:

The reference model for IoT is based on layered architecture for the initialization of the framework required to develop the digital application. The domain specific feature should be clearly defined in the requirement specification plan for the development of the application. The application can be developed by making use of architectural language. The domain specific features are used to describes the vocabulary architecture. The deployment specific features can be deployed by using deployment language. The code generation taks can be efficiently done by using the amalgamation of languages. The languages play a key role in reducing the efforts required to develop the application. The peculiarities of the operating system should be clearly defined in the requirement specification plan. The computational services are responsible for developing successful software components. The reference cube of deploying IoT services is shown below in the figure:

Barriers in Adopting IoT Infrastructure

The combination of meta-model and architectural data is used to develop IoT application. The alignment of the business activities and process can be done by the deployment of meta-model. The scheduling of strategic activities are responsible for managing the availability of data, performance of the resources, interoperability between te devices, accuracy of data, integrity of services, maintainability, flexibility in the process and methods employed, coordination and integration of services, decision support system for controlling the flow of services in the application, and many more. “The management of activities is responsible for managing the operations such as planning, designing, controlling, enabling, and monitoring” (Tollens, 2016). The framework should be developed for managing the resources associated with the application such as people, processes, and structure. The management of activities can be uniquely done by the implementation of IoT solutions. The interacting modules are used for managing interconnection between local devices. The data and the permanent storage can be analysed by using the remote servers. The local analysis is used for processing operation for the implementation of IoT devices. The internet of things is capable of performing rollout services. The IoT solution depends on vertical packages. The IoT provides the methods of testing procedures for testing the devices and solution. In the IoT environment the emphasis is given on the security standards used for managing the on-board devices, improving operations for implementing business processes, improving the scalability of the cloud, management of devices for remote access, validation of integration rule for the application, and others. “The IoT is the next generation platform for managing the services provided by the devices in the effective way” (Wang, 2014). The alignment of application and API is used for providing a new architecture for the effective utilization of the resources. The multiple channels can be used for generating alerts to increase the capacity of automation in the flow of activities. The cost saving and predictive maintenance program is used for managing workflow between different communicating devices.

The table below represent the potential areas of IoT:

Potential areas	Description
Governance structure	The governance structure and framework is used for developing the architecture which is responsible for identification of resources, developing protocols for safeguarding the system, interoperations between the resources, and maintenance of inter-tag communication. The standards should be developed for defining the confidentiality and associated security of the data.
Development of ubiquitous network	“The IoT is capable for deploying automatic set up for implementing the procedures for authentication and encryption to safeguard the devices from the attack of security breaches and vulnerabilities” (Xiang, 2012).
Policies used for developing legislation and regulation	Privacy should be developed at every security level to ensure the legislative framework of the governance.
Usage of intelligent objects	“The intelligent network depends on the effective utilization of the centralized and distributed objects. The interactive standards should be used for managing behavioural changes equipped in the devices over the network” (Vermesan, 2013).
IoT security	The security measures should be taken for securing the privacy and confidentiality of the data.
Services provided by the software	The IoT environment depends on the user centric services. The event driven middleware is used for implementing the services on the platform of sensor dynamics.
Collaboration between physical and virtual components	“The 3D objects are used for developing virtual environment for the IoT applications” (Zhu, 2015).
Augmented reality	The collaboration of people, things, and place is used for managing context sensitive information
Application mashup	Standard protocols are used for managing mash-up of the application for managing the interoperability, security and privacy of information, and capability configuration.
Overcoming communication issues	Microchips are stored on the antenna for converting the traditional antenna to smart antenna. These microchips are used for managing fow of communication between the devices. The standard API’s are used for transforming the speed and modulation of the devices
Issues related to interoperability	The traditional network is facing the problem of interoperability. The problem of interoperability can be resolved by using the inter-tag and multi-tag integration for maintaining the flow of communication on the centralized and decentralised network.

Challenges	Description
Security	“The decentralized control used for managing interconnection between the devices can act as an entrance gate for the malware” (Wu, 2014). The expensive devices should compromise with tampering services. The middleware layer and APIs can increase the complexity of the system because of the peer to peer communication between different devices.
Privacy and trust	The sensitivity of the data is major challenge in the remote access of the information. The compliance framework raises the social and political issues in managing the privacy of information
Integration and complexity issues	The IoT environment is facing the problem of integration of devices and their associated testing, use of protocols for managing the communication, inclusion of API and multiple platforms, and others. The building blocks of IoT increase the complexity of the infrastructure.
Standard protocols and standards	The legacy system is focusing on the development of new standards for the IoT infrastructure. The open source platform of IoT is get affected by the traditional security protocols and standards.
Value proposition for the use cases	It is difficult to develop customer centric use case diagram due to the high complexity of data available over the network.

The following is the list of possible attacks which can exploit the IoT system and applications:

Particulars	Descriptions
Physical access	The physical access is the gap between physical and the virtual objects. It is the entrance of the intruder though the medium of physical devices. It can be due to poor configuration setting. The physical access can affect the memory and the data stored on it.
Local attacks on the Wi-Fi connections	The attacker can access the Ethernet connection for accessing information from the local network.
Cloud polling	The cloud polling is the methodology of keeping constant communication between the devices placed over the network. The cloud server is responsible for executing and uploading current information of the devices which can be used by the hacker in the negative sense.
Direct connection	The direct connection should be developed between hub and the application placed on the same network. Simple service discovery protocol is used for analysing the location of the devices. The attacker can easily use these devices for entrance because these devices are performing unencrypted communication.
Vulnerabilities in the interfaces	The common types of vulnerabilities which are development of unauthenticated request for performing reconfiguration actions. Upgrading of unrequested request Overflows of buffer Flaws of infection Cross site scripting References used for indirect and direct objects Misconfiguration of security Data exposure to sensitivity Access control for missing function level Forgery request for cross site Vulnerabilities associated with components. Invalidated redirection
Cloud infrastructure attack	The weak passwords are generated by the IoT cloud services which can strongly hack by the hackers. The SSL encryption methods are used for testing the cloud management. The cloud system is responsible for managing IoT devices on the internet. The logical errors can be the cause of disclosure of confidential information. The sensitive information of the customers can be lost
Malware attack	Malicious software can be injected into the IoT devices which can exploit the functionality of the system. It can replicate the copies of data and result into the exposure of confidential information.
Common entrance point for the hacker	The common entrance points for the hackers are weak administration credentials, open forum and ports, un-patching of operating system software, and others.

The risks associated with the application get increase with the increase in complexity, communication, and analysis tasks. The following table shows the risks increasing chart:

Function	Area	Risks associated	Semi-Autonomous	Fully-Autonomous
Collection of the data	No Data	No-risk associated data	Moderate risks associated data	High risks data
Analysis of the data	No analysis	No analysis	Cloud analysis	On-device cloud analysis
Decision making process	No decision	Human controllable decision	Cloud based	On-device cloud based
Communication	No communication	Cloud read	Cloud read write	Machine to machine
Potential impact	Limited	Moderate	High	Critical

The review should be generated on the companies which have already implemented the technology of IoT to evaluate the resiliency of the IoT environment. It also helps in evaluating the benefits and challenges which the company faced in the implementation of IoT. The key barriers which are seen in adopting the IoT infrastructure are categorised as the standards of interoperability is not well maintained, security concern for communication between the devices, uncertain occurrence of ROI, lack of legacy equipment, immaturity in technology for large scale enterprise, privacy of data, not efficient skilled workers, and impact on environment. The review system uses the technology of threat modelling for evaluating risks associated with each security layer. The layer includes the components such as devices, connecting cloud, gateways, and IT infrastructure. The threat modelling results into the analysis of the data collected by the assessment of vulnerability associated with each layer.  The two types of analysis are performed according to the availability of the code which are named as dynamic and static. The common attack surface should be review properly by using the set of protocols authentication mechanism, fail and safe devices, and exposure of infrastructure and use of gateways. The physical routes should be enumerated by using the physical access points, interfaces, communication channels, interfaces, connecting application, and others. The physical access points are used for gaining access of the electronic components by disassembling the communication buses. The Zigbee and Z-wave are the protocols which are used for communication channels. The control procedures provides the interface to the connecting applications. The web application uses consuming surfaces like vendor platform and open platform.

Critical Areas in IoT Technologies

“The enterprise can improve their working tactics by including the IoT solution into their curriculum” (James, 2015). The success of the IoT solution depends on the security measures embedded with the every stage of the project. The security controls should be used for securing the booting process of the hardware based components. The microcontrollers are the trusted platform for performing secured operations. It makes use of specialised security chips and processor along with cryptographic modules associated with the application. “140-2 FIPS standard module is used for determining the longevity and resiliency of the application” (Miorandi, 2012). The authentication and data management technologies are used for providing security to the devices. The authentication mechanism used for securing the application depends on he specification of hardware and software used. The shared keys, password, digital signature and certification are some of the techniques used for securing the application. The communication protocols which are used in securing the application are CoAP, Zigbee, Z-Wave, Bluetooth, and etc. The strong device authentication and identification mechanism should be developed for ensuring the security to the centralized network. The source code which are used in the application are provide security through encryption policies, authorisation, and restriction methods. The limited data should be placed on the network and the unwanted data should be removed periodically. The unprotected data can be entrance point for the attackers who can exploit the working of the whole system. The defence mechanism should be placed to minimize the risks associated with the compromised data. The framework of governance policies should be developed for the effective and efficient management of devices, information, people, resources, entities, and etc of the IoT environment. The digital signatures are used for governing the devices through the gateway policies. The device policies deal with the security policies for registration management of keys, data communication, and others. The protocols should be used by the devices for sharing of information securely. Over the air update is the major challenge to develop a robust application. There are three distint phases which are used for securing the application for over the air attac which are categorised as OTA bits should be generated securely, secure transmission of the bit, and bits of the target device should be updated. Network band width is the challenge for updating the bit of the target device. The public key cryptographic standards should be used for securing the messaging and packaging. The end point updates should be provided to the software for keeping the IoT devices secured on the network. The remote access of the data should be provided some security measures. The common entrance points for the hackers are weak administration credentials, open forum and ports, un-patching of operating system software, and others. The resiliency of the assets can be managed by focusing on the security measures which are undertaken to strengthen the communication key management techniques, communication protocols, event management, program and others. The security program and control should be taken for facing the problem of security breaches. The external factors such as weather and human errors should be taken into consideration for securing the enterprise devices from the threats and vulnerabilities. The proactive plan should be prepared for the security measures t deal efficiently with external threats. The contextual intelligence helps in securing the IoT devices placed on the network. The protocols standard using the concept of artificial intelligence helps in safeguarding the IoT infrastructure. The security mechanism should be provided on each layer for securing the interaction between the IoT devices, application, and network layer. The IoT security depends on the use of multiple layer of security, methods used for authentication and encryption of devices, use of intrusion detection and prevention methods, and deployment of the firewall system. The security and safeguarding mechanism should be used for developing the integrity of the data during the transmission between various IoT devices to manage resiliency of the network.  The diagram below shows the security in every layer.

Concern Areas in IoT Infrastructure and Importance of Safeguarding

The table below shows the security methods deployed in every layer for developing the resilience IoT infrastructure.

Layer	Security Methods	Description
Device Layer	Secure booting process	The authentication and integration methods should be used for securing the devices on the network
	Authentication of the devices	The authentication mechanism should be used for accessing the network through the device using strong login credentials
Application layer	Access control mechanism	The two main access control methods are used for developing resilience infrastructure which are named as mandatory access control method and role based access control method.
	Application data	The integrity, privacy, and authenticity of the data should be maintained for using it in the application.
	Firewall and intrusion prevention methods	The firewall and intrusion prevention method are used for filtering the intruder from the application. The industry specific protocols are used for inspection of the deep packet. The malicious payloads can be identified by using the IT protocols
Network Layer	Event monitoring and security information	The integration should be developed for maintaining the correlation between the products and the events.
	Integrity of the signals	The quality of the signal should be ensured for managing the communication between various devices.
	Confidentiality of datagram and signal	The UDP should be maintained for carrying out confidential communication.

It is the major concern for securing the IoT devices on the internet. The user can reduce some chance of occurrence of risks by following mitigation policies. The mitigation policies are creating the strong password using alpha-numeric for working on the IoT infrastructure. The password should be changed periodically. The encryption methods should be used for setting up the Wi-Fi network.  The remote access of the devices should be disabled. The wired connection should be used in place of wireless connection. The IoT devices should be used for tampering process. The security measures should be used on the vendor devices. The modification of privacy and security methods are used for managing security. The periodic updates should be available within the application. The smart features of the devices should be equipped with the security measures. The secured socket layer should be used for developing secure communication connections. The SSL certification is used for revocation list. In the IoT environment the emphasis is given on the security standards used for managing the on-board devices and improving operations for implementing business processes. The security policies should be used for managing web interface and API. The software should use secure boot chain for executing the activities on the devices. The device management strategy should be developed for managing the security analytical features. The unused tools should be removed from the application periodically which helps in cleaning the space and restricting the entrance of the intruders. The jamming can be applied for the implementation of smart fail safe mechanism. The compatibility of the devices should be checked for endorsing smart features into the application. It has been researched that the wireless protocols of the IoT infrastructure are having the chance of occurrence of vulnerabilities such as sniffing of network traffic, injection of malware and viruses, process of tampering and forging, process of jamming, high consumption of battery, unfairness and collision between the packets in the Link layer, occurrence of black holes in the network layer, and de-synchronization of transport layer. The attacke can attack through the Wi-Fi access used for accessing the network. The Wi-Fi access points should be provided with isolation security. The Z-wave protocol is used for securing the IoT infrastructure. The potential attacks can be overcome by using correct security standard at correct itme. The proactive and reactive schedule should be prepared to face the situation of vulnerabilities. The IoT security environment depends on the physical and cyber-security solution. The security should be provided to the M2M communication so that no data leakage takes place from any sources and the hacker gets the chance of attack. The target device should be analysed for posting the security measures on it. The availability, privacy, and integrity of the data should be maintained for the smooth flow of communication on the IoT infrastructure.

Challenges in Ensuring IoT Security

There are various key barriers which are seen in adopting the IoT infrastructure are categorised as the standards of interoperability is not well maintained, security concern for communication between the devices, uncertain occurrence of ROI, lack of legacy equipment, immaturity in technology for large scale enterprise, privacy of data, not efficient skilled workers, and impact on environment. “The IoT security model should be composed of some unique characteristics which can be classified as visibility of security events, controlling the security policies, use of actionable intelligence, and use of automated decision” (Fang, 2016). The enterprise can improve their working tactics by including the IoT solution into their curriculum. The success of the IoT solution depends on the security measures embedded with the every stage of the project. The visibility of the security events can be possible by using the technology of audio and video analytics, remote sensing and management of the assets, and maintaining the correlation between multisite events.” Controlling the security policies is used to give response to the attack which gets entered into the system” (Friess, 2012). The mitigation and comprehensive cyber-security should be used for detecting the threats on the IoT infrastructure. “Actionable intelligence depends on fog nodes for analysing the real time data which can be collected from switches, door controllers, routers, IoT devices, and others” (Friess, 2014). The automated decisions are depends on the fog node analysis for avoiding human errors and take action which is under the regulatory policies.

The layer of security should be implemented for safeguarding the IoT devices. The list of security procedures are listed below:

• Authentication of the devices: “The hardware and software devices placed on the IoT network should be provided with the authentication protocols to access the data from the network without any intervention” (Haller, 2014). The verification and validation process comes forth before accessing of information from the unauthorised or authorised user. This method helps in restricting the un-authorised person to access the information from the network. The digital signature method is used for providing authentication to the resources.
• Controls used for user access: “The role based access controls should be developed for limiting the access of information” (Kamat, 2014). The limited user can access the resources, policies, devices, application, and components to complete their allocated tasks. It helps in minimizing the entrance of the intruder.” The role based access control is the standard approach which is used for accessing data in the conventional IoT infrastructure” (Gaiser, 2015). In this user take the permission to act as a particular role for accessing information.
• Control measures for application access: “The use of application can be done limited by using the monitoring programs for sending the secured data over the network” (Li, 2015). The firewall protection and intrusion detection system are used for preventing the entrance of the intruders. These systems are capable of performing deep inspection of the packet. It helps in reducing the risks to a high extent. In the IoT environment the emphasis is given on the security standards used for managing the on-board devices and improving operations for implementing business processes
• Life cycle management of the devices: “The procedures are used for enabling the security measures associated with the hardware and software” (Noronha, 2016). The patching is the most recommended process for updating the hardware and software according to the requirement of the application. The patches are applied on the application to fill the gap between physical and virtual world and continue the flow of information to maintain the continuity of services provided by the application.
• Encryption policy: “The encryption policies are used for protecting the configuration of the devices using the bit streams to protect the devices against of hacking and vulnerabilities attack” (Shacklett, 2014). The public and private keys are used for encrypting the data. It helps in preventing the disclosure of information because it requires the pair of private and public key at receiver end to decrypt the data.
• Standards for managing interoperability: the standard should be developed for enduring that the secure communication exists between the communicating devices. The devices can securely and safely communicate to each other.
• Add-ons on IoT solution: “The add-ons helps in building the specific requirement for developing the application” (Khalid, 2016). It is worth full for indulging security features according to the requirement of the application.
• Responsibilities of the key-players: The security method and credential should be followed for exchanging information over the network. The potential risks should be assessed by the stakeholders. The synchronization of activities reduces the chance of risks to occur.
• Managing the data baseline: The monitoring credentials are used for predicting the use and location of the devices. It helps in developing connection with the devices for accessing it according to the requirement without any hindrance.
• Data governance: The standards should be developed for defining the confidentiality and associated security of the data. The governance structure and framework is used for developing the architecture which is responsible for identification of resources, developing protocols for safeguarding the system, interoperations between the resources, and maintenance of inter-tag communication.
• Creation of loosely coupled system: The internetworking between the devices should be based on loosely coupled system because if the device got failure or get under the control of hacker than it can be easily removed from the system so as to maintain communication flow between other participating devices.
• Framework designed for preserving Privacy: The remote access capabilities can increased the risks of violating the information. There are number of frameworks designed for maintaining the privacy of data which are named as Tropos, Kaos, PRIS, and NFR.

There are different security measures to overcome different situation because one security methods is not capable of securing assets in all the areas. The devices with high asset values are provided with high standard security level. The security process should be first thought which should go simultaneously with the designing and implementation of IoT.

Conclusion:

The growth of the internet of things depends on the evolution which comes in the field of technology with the rapid growth of cloud computing, social networking, automatic computing, cyber security system, and others. The IoT is defined as the creation of internetworking between physical resources and devices. The devices which are used in the internet of thing platform are having feature of sensors, actuators, software, and network connectivity. The internet of thing is capable of managing relationship with supply chain management system, loss of assets can be prevented, the business delivery process can be enhanced, optimizing the response in the supply chain, effective management of costs, forecasting the accuracy of the object, maintaining relationship with suppliers, employers, customers, partners, and other associated members. The building blocks of IoT are the wireless sensor network and radio wave frequency identification. The implementation of IoT suffers from three limitations such as management of heterogeneous devices, use of sensor nodes, and the dimensions of the object. The review system uses the technology of threat modelling for evaluating risks associated with each security layer. The security measures should be used on the vendor devices. The modification of privacy and security methods are used for managing security. The periodic updates should be available within the application. The smart features of the devices should be equipped with the security measures. The Standard protocols are used for managing mash-up of the application for managing the interoperability, security and privacy of information, and capability configuration. There is incompatibility between the physical and virtual world. The sensor devices and network is the best solution to fill the gap between them for effective utilization of resources. The development of digital strategies makes use of IoT platform to brig revolution in the field of technological development. The intelligence distributed processing system is used for controlling the managing decision for the effective utilization of resources and devices o the IoT infrastructure.

References:

Ahmed, A. (2012). Types of security threats and its prevention. 1st ed. [ebook] Available at: https://ijcta.com/documents/volumes/vol3issue2/ijcta2012030240.pdf [Accessed 29 May. 2017].

Bruch, M. (2016). IoT and sustainability. 1st ed. [ebook] Available at: https://citris-uc.org/wp-content/uploads/2016/07/CITRIS_IoT-and-Sustainability-White-Paper.pdf [Accessed 29 May. 2017].

Choudhary, P. (2014). Safeguarding the internet of things. 1st ed. [ebook] Available at: https://www.cognizant.com/whitepapers/safeguarding-the-internet-of-things-codex2465.pdf [Accessed 29 May. 2017].

Fang, S. (2016). An integrated system for regional environment monitoring and management based on internet of things (1st ed.). Available at https://ieeexplore.ieee.org/document/6725615/ [Accessed 29 May. 2017].

Friess, P. (2012). Internet of things and digital enterprise: U K collaborative workshop (1st ed.). Available at https://connect.innovateuk.org/documents/3077922/3726394/Overview+of+EU+IoT+opportunities,%20Peter+Friess.pdf/f2ff3406-b813-4839-9c98-b22b9ccf1a7f [Accessed 29 May. 2017].

Friess, P. (2014). Internet of things- from research and innovation to market deployment (1st ed.). Available at https://www.internet-of-things-research.eu/pdf/IoT-From%20Research%20and%20Innovation%20to%20Market%20Deployment_IERC_Cluster_eBook_978-87-93102-95-8_P.pdf [Accessed 29 May. 2017].

Gaiser, K. (2015). Integrating IoT sensor technology into the enterprise (1st ed.). Available at https://www.intel.com/content/dam/www/public/us/en/documents/best-practices/integrating-iot-sensor-technology-into-the-enterprise-paper.pdf [Accessed 29 May. 2017].

Haller, S. (2014). The internet of things in an enterprise context (1st ed.). Available at https://ai2-s2-pdfs.s3.amazonaws.com/1c49/c74521b4c9eae7a352a3b223b4213294c681.pdf [Accessed 29 May. 2017].

James, S. (2015). Industrial Internet of things. 1st ed. [ebook] Available at: https://www3.weforum.org/docs/WEFUSA_IndustrialInternet_Report2015.pdf [Accessed 29 May. 2017].

Kamat, P. (2014). Industrial internet of things (1st ed.). Available at https://www3.weforum.org/docs/WEFUSA_IndustrialInternet_Report2015.pdf [Accessed 29 May. 2017].

Khalid, A. (2016). Internet of things and research agenda (1st ed.). Available at https://ijcsmc.com/docs/papers/March2016/V5I3201699a15.pdf  [Accessed 29 May. 2017].

Li, D. (2015). Building value from visibility (1st ed.). Available at https://www.zebra.com/content/dam/zebra/white-papers/en-us/zebra-iot-report-en-us.pdf  [Accessed 29 May. 2017].

Miorandi, D. (2012). Internet of things: Vision, Aplications, and Research challenge. 1st ed. [ebook] Available at: https://www.dicom.uninsubria.it/~sabrina.sicari/public/documents/journal/2012_IoT_vision.pdf [Accessed 29 May. 2017].

Noronha, A. (2016). Attaining IOT value: How to move from connecting things to capturing insights (1st ed.). Available at https://www.cisco.com/c/dam/en_us/solutions/trends/iot/docs/iot-data-analytics-white-paper.PDF [Accessed 29 May. 2017].

Radhakrishanan, S. (2016). Bootstrapping security. 1st ed. [ebook] Available at: https://www.ericsson.com/assets/local/publications/white-papers/wp-iot-security.pdf [Accessed 29 May. 2017].

Saif, I. (2015). Safeguarding the internet of things. 1st ed. [ebook] Available at: https://dupress.deloitte.com/content/dam/dup-us-en/articles/internet-of-things-data-security-and-privacy/DUP1158_DR17_SafeguardingtheInternetofThings.pdf [Accessed 29 May. 2017].

Shacklett, P. (2014). Reaping the benefit of the internet of things  (1st ed.). Available at https://www.cognizant.com/InsightsWhitepapers/Reaping-the-Benefits-of-the-Internet-of-Things.pdf [Accessed 29 May. 2017].

Tollens, W. (2016). The internet of things for today and tomorrow (1st ed.). Available at https://www.arubanetworks.com/assets/eo/HPE_Aruba_IoT_Research_Report.pdf [Accessed 29 May. 2017].

Vermesan, O. (2013). Internet of things- Converging technologies for smart environment (1st ed.). Available athttps://www.internet-of-things-research.eu/pdf/Converging_Technologies_for_Smart_Environments_and_Integrated_Ecosystems_IERC_Book_Open_Access_2013.pdf [Accessed 29 May. 2017].

Wang, C. (2014). Internet of things for enterprise system of modern manufacturing (1st ed.). Available at https://pdfs.semanticscholar.org/a504/6b31365733a0bc99a60ed9ca2bf3b7a15690.pdf [Accessed 29 May. 2017].

Wu, H. (2014). Integration of distributed enterprise applications: A survey (1st ed.). Available at https://eclass.upatras.gr/modules/document/file.php/EE653/%CE%95%CF%81%CE%B3%CE%B1%CF%83%CE%AF%CE%B5%CF%82/Integration%20of%20Distributed%20Enterprise%20Applications_A%20Survey.pdf [Accessed 29 May. 2017].

Xiang, K. (2012). Internet of things: Security risks and automated policies. 1st ed. [ebook] Available at: https://www.cisco.com/c/dam/en_us/solutions/trends/iot/docs/security-risks.pdf [Accessed 29 May. 2017].

Zhu, Y. (2015). The internet of things has the potential to connect and transforms businesses (1st ed.). Available at https://assets.cdn.sap.com/sapcom/docs/2015/08/54f65c37-3b7c-0010-82c7-eda71af511fa.pdf  [Accessed 29 May. 2017].