A LAYER-WISE COMPONENT AND SECURITY ANALYSIS OF AN IOT APPLICATION (Mfine)
In this report, there is a discussion of 5 layers and 3 layer architectures of the Mfine IoT based application. Here firstly there is an introduction about the total report, like what is going to be discussed in this study. After that, there is an analysis of the application. In that analysis section, there is a discussion of 5 layers and 3 layer architecture, security measurements of those architectures, countermeasures of those architectures, and the emerging applications in this sector. Lastly, there is the conclusion about the total study.
In this report, there will be a discussion about the layer-wise security and element analysis of an IoT based mobile application. In this report, there will be a discussion about the three-layer and five-layer architecture of the application. Then there is the justification of one of those architectures, among the five-layer and the three-layer. After that, there is an analysis of the application’s E2E security concerns, and then there are countermeasures of those security concerns. Lastly, there is a discussion of some emerging applications in the analysis section. After the analysis section, there is a conclusion about the full report.
In an IoT application, there are two types of architecture mainly obtained: three-layer architecture and the other is five-layer architecture (Kholod et al. 2021). In this part of the study, the three-layer and five-layer architecture of the application will be discussed briefly.
In a three-layer architecture, there are mainly three layers that can be obtained, “Application layer”, “Network layer”, and lastly the “Perception layer”.
The application layer is the upper layer of the architecture. Through this layer, the delivery of the application towards a selected user can be appropriately done (Hosenkhan, 2019). The application defines the process, where the IoT technology can be deployed is being performed through the application layer. The application layer is also responsible for the specification of protocol interactions, and the methods of an interface via a communication network. The utilization of this application layer is being obtained for both of the network models, the OSI model, and the IP model. The application is also dependent on the protocol of the transport layer for transferring data set from a host towards a host.
The network is one of those critical layers in architecture, which is responsible for the connection among servers and devices (Sengupta et al. 2019). The features of this layer are also able to transfer and processing of data sets. The network layer is the last layer in three-layer architecture, which is able to accept the service requests from the system and also forward them towards the “data link layer”. Through this network layer, the transferring process of “logical address” to “physical layer” can be done. The network layer is also able to perform the transferring process of “variable-length network packets” from a specified source towards a host through networks.
In this three-layer architecture, the perception layer is the only physical layer, which also has sensors. Through these sensors, the network layer is able to sense the information and also to gat6her knowledge about it. Through this perception layer, the parameters of a network can be appropriately identified (Rani, 2020). Through this layer, the transmitting and sensing of sensor data sets can be done correctly. For this applicatio0n, this perception has a significant impact, as this layer is able to gather all the necessary information in the system. For this Mfine application, the perception layer gathers information about doctors and patients.
Figure 1: Three-layer architecture
In this five-layer architecture, the obtained layers are like; “Business layer, application layer, processing layer, transport layer, and lastly the perception layer”. The discussion of those layers will be discussed briefly below.
The business layer is one of the most critical layers in this five-layer architecture. This includes the applications, profit models, and the business for this Mini application (Anand et al. 2020). This layer is also able to manage the complete IoT application in the system. The privacy of the user is also maintained by this layer, like the critical information about the user. In IoT application, the business layer is utilized for separation and differentiation of physical tiers, for adding performance through scale-out capacity. The business layer can also be accessed by the elements of interfaces, or even through the abstraction layer.
In this 5 layer architecture, the application layer is utilized as an abstraction layer, through which the specification of interaction protocol can be adequately maintained (Al et al. 2020). For both the standardized model’s application layer has been utilized, in terms of maintaining proper interaction among elements. In the OSI model, the application layer is the 7th layer, through which the display process and information receiving process is performed. In this application, the used protocols for the application layer are; FTP, TFTP, SMTP, etc.
In this five-layer architecture, the Processing layer is commonly known as the layer of middleware. Through this layer, the storage process of the application is being done correctly. After storing data sets, the analysis, and processing of those datasets are being performed in this layer. The data sets that are being stored in this layer all are coming from the transport layer. The layer is able to provide a massive set of services towards the lower layer for the application (Agarwal, 2020). In this Mini application, the various set of programs like; database, models for big data analysis, and cloud computing is being installed by using this perception layer.
The transport layer is one of those critical layers in this five-layer architecture. Through this layer, the transportation of sensor data sets from a perception layer towards the processing layer is being performed via networks of versa, like; LAN, NFC, RFID, etc. This layer is considered a step 4th layer of this application. This layer is also responsible for the interactions over a network. The security of this interaction is also being performed through this layer. The interactions among different host elements are also properly through this transport layer.
The perception is the physical layer that is responsible for transferring information towards the system through sensors. This layer is able to gather information from network parameters.
Figure 2: Five-layer architecture
For this Sort base application five-layer architecture has been chosen, as it provides several benefits to the users. The obtained are from this architecture will be discussed briefly.
Multiple user allocation:
In this five-layer architecture, the system will allow multiple users, as necessary (Tahsien, 2020). So in this patient monitoring system, there will be one application that will benefit multiple users, which means the doctor is able to monitor multiple patients at a single time. Which ultimately saves time for the doctor, and the users also (www.academia.edu, 2017)?
The tremendous amount of capacity for information:
In this five-layer architecture, there is a total of 5 layers has been obtained, so by using those layers, the storage capacity of the system can also be increased in a higher context. With a vast number of capacity maintenance, the user will be able to gather more information in the application.
The proper way to distinguish:
In this five-layer architecture, the distinguished process is being performed according to the service, protocol, and interfaces. So through this distinguished process, the user will be able to get the required service for the required specifications. So from here, it can be understood that the resource maintenance and service providing facility in this five-layer architecture is helpful for users.
In this five-layer architecture, the obtained protocols are being situated in a hidden form. Through this process, any kind of protocol can be implemented in this architecture, which ultimately provides benefits to the users. So the flexibility of the architecture is well maintained in terms of adopting protocols. So the necessary protocol can be implemented in the architecture as per requirements (www.researchgate.net, 2017).
So with those above-mentioned benefits, the five-layer architecture is selected for this IoT based application.
For this application the security concerns are like;
The compliance lack from the manufacturer part is one of those significant security concerns for the Mini application. As the standards of 5 layer architecture in IoT have not been appropriately selected yet, the lack of compliance may occur as a risk for the application. The obtained lacks in manufacturer parts are like; poor password selection, challenges in the hardware section, lack of update mechanism in terms of security, and unpatched OS utilization in the system, and lastly the insecure process of storage and stat transfer. So with those that lack compliance in 5 layer Iot structure occurs as a challenge for the system. As the update mechanisms are not appropriately maintained so the system may crash at the time of updating the software. Along with that, the insecure transfer of data sets may result in data violation, which means that critical information of the application may be lost.
In this five-layer architecture of IoT application, Botnets are one of those significant attacks that can affect the system in a vast context. In this type of attack, the attacker will create a massive number of bots for infecting the system. This infection is being performed with the use of malware and the request process. The attacker will command the bots to send 1000 requests in a minute for getting down the system performance. Through this request sending procedure, the system will get hanged and shut down a few times. The attacker divides the bots into two different working procedures, one team will install malware into the system, and others will send requests. Through this process, the user of the system will not be able to understand the installation of malware, as the system will get stopped at the same time.
Figure 3: Botnet attack
(Source: Srivastava, 2020)
Physical hardening lack:
The lack of “physical hardening” is also one of those security concerns in IoT applications. Through this process of physical hardening, the attacker will know the location and physical state of the IoT device. After this detection, the attacker may damage the device in terms of physical damage [Referred to appendix 1].
Countermeasures for compliance lack:
To overcome this compliance lack in IoT applications, improvements are being required in the hardware section, OS of the system, storage and data transfer process. The OS of the system needs to be upgraded as per requirement, by performing this process the OS issue can be appropriately obtained. The calculation of storage capacity is also required to be done by considering all the required elements of the system. With a proper storage calculation, the issue related to the storage of the system can be adequately overcome.
Countermeasures for Botnet attack:
The most significant countermeasure for the attacks against the bots is being performed by cleaning all the systems and also performing the removal process of installed bots. Through this removing process, the total power of boots is down. As per the excerpt, this process is one of the most challenging processes in terms of countermeasures. A total of 8 ways has been identified in this countermeasure of bot attacks. The ways are like;
- Installation of kill switches VPN.
- Installation of dedicated systems for blocking emails of fraudulent.
- Secure baseline strategies.
- Software installation in the manual process.
- Installation of windows firewall.
- Compartmentalization of networks.
- Breaking of connections between domains and systems.
- Setting up a vast number of security layers.
In the healthcare sector, there are several emerging technologies that have been obtained in terms of patient health analysis. The obtained technologies are like; CGM, “automated insulin delivery”, and the “connected inhalers”.
This CGM system is the device, which provides support towards the patients in terms of monitoring the glucose level of the patient. This CGM system is also able to take measurements of the patients multiple times of the day. This system has been approved by the FDA in the year 1999. Nowadays, this CGM device is being considered one of the most remarkable technologies of IoT.
“Automated insulin delivery”:
In this health care sector, this insulin delivery system is one of those significant technologies in IoT. Through this system, the insulin-producing manner towards a patient’s body is being done correctly. This machine is also able to measure the required amount of insulin in a patient’s body and provide it.
In this IoT technology, this connected inhaler is one of those significant inventions that provide support to the patients in a higher context. This technology is known as the Propeller health technology; through this, the inhaler production for an entire group has been provided. In this Propeller system, a sensor has been placed for attracting the inhaler towards a Bluetooth based spirometer [Referred to appendix 2].
This report can be concluded as there is a discussion of the three-layer and five-layer architecture of the selected IoT based application, justification of the architecture, security concerns, countermeasures and emerging technologies in IoT. Firstly there is an introduction about the exhaustive study, like what is going to be discussed in this study. Then there is an analysis of those layers and security concerns.
Kholod, I., Yanaki, E., Fomichev, D., Shalugin, E., Novikova, E., Filippov, E. and Nordlund, M., 2021. Open-Source Federated Learning Frameworks for IoT: A Comparative Review and Analysis. Sensors, 21(1), p.167.
Hosenkhan, R. and Pattanayak, B.K., 2019. A secured communication model for IoT. In Information Systems Design and Intelligent Applications (pp. 187-193). Springer, Singapore.
Sengupta, J., Ruj, S. and Bit, S.D., 2019, January. End to end secure anonymous communication for securely directed diffusion in IoT. In Proceedings of the 20th International Conference on Distributed Computing and Networking (pp. 445-450).
Rani, S., Kataria, A., Ghosh, S., Karar, V., Gupta, T., Lee, K. and Choi, C., 2020. Threats and Corrective Measures for IoT Security with Observance to Cybercrime. arXiv preprint arXiv:2010.08793.
Anand, P., Singh, Y., Selwal, A., Alazab, M., Tanwar, S. and Kumar, N., 2020. IoT vulnerability assessment for sustainable computing: threats, current solutions, and open challenges. IEEE Access, 8, pp.168825-168853.
Al-Garadi, M.A., Mohamed, A., Al-Ali, A., Du, X., Ali, I. and Guizani, M., 2020. A survey of the machine and deep learning methods for the internet of things (IoT) security. IEEE Communications Surveys & Tutorials.
Agarwal, P. and Alam, M., 2020. Investigating IoT middleware platforms for smart application development. In Smart Cities—Opportunities and Challenges (pp. 231-244). Springer, Singapore.
Srivastava, A., Gupta, S., Quamara, M., Chaudhary, P. and Aski, V.J., 2020. Future IoT‐enabled threats and vulnerabilities: State of the art, challenges, and future prospects. International Journal of Communication Systems, p.e4443.
Tahsien, S.M., Karimipour, H. and Spachos, P., 2020. Machine learning-based solutions for the security of Internet of Things (IoT): A survey. Journal of Network and Computer Applications, p.102630.
www.academia.edu, 2017 Network architecture, Available at:https://www.academia.edu/download/57984836/V7I12201817.pdf[Acessed on 12-10-2020]
www.researchgate.net, 2017 Architecture layers, Available at:https://www.researchgate.net/publication/320250007_A_systematic_study_of_security_issues_in_Internet-of-Things_IoT[Acessed on 12-10-2020]
Appendix 1: Emerging applications of IoT
Appendix 2: Medical services
Academic Research Writing Arm of Global Research Services.