As low-cost Internet of Things (IoT) devices go online without proper security precautions taken by vendors and the businesses that utilize them, the vulnerabilities of the IoT have grown to be one of the greatest concerns of security professionals. For secure communication in the IoT, a number of requirements must be fulfilled. These criteria, which include privacy, message integrity, authentication, data freshness, service integrity, heterogeneity, and key management systems, are crucial components of security. This article discusses the IoT’s requirements for secure communication.
Privacy:
While the sensors are communicating in the network they are a member of, nodes that are not included in the network should be prevented from accessing the messages transmitted. In order to achieve this goal, the nodes in the network should establish a secure communication channel among themselves. To ensure secure communication and prevent the message from being listened to by unauthorized legal entities, the transmitted messages must be encrypted. The message traffic of the network is encrypted using different methods at the selected protocol layer.
Message Integrity:
Message integrity can be defined as the message transmitted by the source reaching the destination without being changed as it moves through the network. It should be detected that the message sent on the network has been modified by any network element, and the modified message should be rejected. Whether a message has been modified during transmission can be found by a mechanism such as a Message Authentication Code (MAC).
Authorization:
Authorization can be defined as mutual authentication of communicating nodes. In this case, the attacking node cannot engage in communication without source authentication.
Data Freshness:
It can be defined as the fresh (new) messages transmitted on the network or the absence of repetitions of old messages. If any message in the network is a retransmission of an earlier message, this data should not be evaluated by the nodes in the network. The standard approach to ensuring data is up-to-date in the network is to include a timestamp in each transmitted message indicating the validity period of the message.
Service Integrity:
Service integrity is the ability to securely collect data from nodes without corruption. In the data collection process, the nodes transmit the data they receive from the neighboring nodes either to the gateway or to the nodes if there are nodes to process the data. Secure data collection, accurate calculation of the measurement of real-world data, and detection of data obtained from corrupted nodes are important for service integrity.
Heterogeneity:
Devices with different features (bit rate, capacity, version, function) developed by manufacturers in the IoT technology should be able to communicate with each other. Security protocols that can be automatically adjusted according to the hardware’s capabilities should be developed so that devices with the specified features can communicate among themselves without any problems.
Key Management:
Devices that make up the IoT must exchange some security parameters among themselves to ensure the security of data. For this purpose, simplified key management and minimum energy-consuming key distribution methods should be used for security mechanisms that ensure mutual trust between devices.
Consequently, if the projects that create IoT systems or develop services based on IoT systems carefully consider these requirements mentioned above, projects that are resistant to external threats will be developed.
