Chuan-Kun Wu - Internet of Things Security: Architectures and Security Measures

The Advances in Computer Science and Technology series publishes state-of-the-art results contributed by China Computer Federation (CCF) members or authors associated with or invited by CCF. This series aims to efficiently disseminate advanced researches and practical applications to international research community. The topical scope of Advances in Computer Science and Technology spans the entire spectrum of computer science and information technology ranging from foundational topics in the theory of computing to information and communications science and technology and a broad variety of interdisciplinary application fields. This series mainly include monographs, professional books and graduate textbooks, edited volumes and books. All volumes are authored or edited by established experts in their fields, published according to rigorous peer review, based on the editors preview and selection and adequate refereeing by independent experts. Each volume will provide a reasonable self-contained account of a topic, as well as a survey of the literature on the topic. The intended audience includes graduate students, researchers, professionals, and industrial practitioners.

More information about this series at http://www.springer.com/series/13197

This Springer imprint is published by the registered company Springer Nature Singapore Pte Ltd.

The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore

The concept of Internet of Things (IoT) has been proposed for decades. It is designed to connect small physical devices and RFID tags together over the networks, particularly over the Internet. The networked things can be physical things without computation capabilities, or devices that have computation and communication capabilities. Things without computation capabilities need to attach RFID tags so that they have digital identities and can be networked.

In an IoT system, application data are collected by sensors, transmitted over public and private networks, and processed in a data processing center, which may be used by end users. Command data from end users are transmitted down to the endpoint devices, including RFID tags.

The process of data collection makes an effective connection between the physical world and digital data, while the process of endpoint device control is also a connection between the digital data and the physical world, so the techniques of IoT are beyond the edge of the the Internet is only about digital data, and the IoT can connect the physical world with the digital data. If the Internet together with data and related network services is treated as a cyberspace, then the techniques of IoT provide a connection between the physical world and cyberspace. This small but substantial characteristic makes IoT substantially different from the Internet in the traditional sense.

There is no formal definition about what IoT is; however, the concept of IoT can be described by an IoT architecture. A number of different IoT architectures have been proposed in public literatures, including three-layer architectures, four-layer architectures, five-layer architectures, and six-layer architectures or domain-based architectures. Each architecture is a specific description about the logical structure of IoT. Although different architectures have some differences, the natural components of IoT remain the same. Therefore, different IoT architectures can all be referred to in the construction of IoT systems. Hence, it is not important to scrutinize the concepts of IoT and the descriptions of the IoT architectures. As long as a description of the IoT concept or IoT architecture is self-contained, it would not affect practical constructions and applications of IoT.

The techniques of IoT can be used widely. In recent years, the techniques of IoT have already been used in many areas, including industry, government, infrastructure, transport, facilities, and services, in everyday life.

Like many other techniques, while IoT brings many conveniences and advances, it also brings new security threats. Currently, security techniques for IoT systems are far from satisfactory. With the advances of IoT applications, problems caused by lack of security protection appear to be more severe. There have already been security attacks on IoT devices, which caused severe security events where large amount of IoT devices were involved in a DDoS attack. Given that the number of IoT devices keeps growing, DDoS attacks making use of victim IoT devices can be a big security threat and challenge in IoT security.