2nd International Conference on Scientific

and Academic Research

March 14-16, 2023 : Konya, Turkey

All Sciences Proceedings © 2023 Published by All Sciences Proceedings

http://as-proceeding.com/

Layered Architecture of Internet of Things-A Review

Muhammad Awais*, Jawaid Iqbal 2
1
Software Engineering Department, Capital University of Science and Technology Islamabad, Pakistan
2
Computer Science Department, Capital University of Science and Technology Islamabad, Pakistan
*
(mawaiskhan1808@gmail.com) Email of the corresponding author

Abstract – Nowadays internet of thing is need of every person as it makes life easy and comfortable its
object work with sensors and actuator without involving human. This device gets users personal
information and store it in internet cloud etc. IoT device has limited storage, power consumption and the
capacity of network. Attacker can easily attack and get user information and use its wrong way in this
scenario to maintain and keep secure privacy in IoT devices is also big issues so IoT has major issue of
security. Its need to identify security threats and attacks and purpose solution to prevent from those attacks.
So that every person can use every IoT devices without any kind of fear and hesitation about their privacy
and trust and fear of loss private data. In this paper we focus on the layered architecture of IoT with its
threat and attack also highlight the suitable solution of each layer’s attack and focus on the security goal
which used and must achieve in every IoT devices to secure that devices from any kind of attacks and
threats that can breach the end user vulnerability and get access of end user’s system. We also discuss some
useful and existing techniques with services to prevent from different kind of attack that used worldwide.

Keywords – IoT, Security, Privacy, Authentication, Threats, Vulnerability

I. INTRODUCTION that develops because of the growing reliance on

Internet of Things(IoT) is a network that help data and IoT-based devices. When we talk about
devices to communicate with each other and share gadget reliability, we imply that they must always
data. With the help of sensors and actuator it makes function flawlessly and effectively as intended [1].
things smart and automatic. Sensors sense and get Through internet any malicious activity can
data from its environment and pass to the actuator perform that could be dangerous for original user.
that take corresponding action on the basis of Attacker can get sensitive information of original
predefine rules and regulations. IoT make human user through internet connection and use it an
life easy comfortable and efficient and by using IoT illegal way. Due to these security issues people
devices people reduce their effort and make their have some kind of fear and hesitation to use IoT
life easier. IoT devices connected with internet devices. That ‘why security is major issues that
without internet IoT is nothing. Internet work as a many user face.
backbone in IoT devices. So there are some security The main challenges in an IoT context are security
and privacy issues that a user can faced during the related issues such privacy, authorization,
use of IoT devices. verification, access control, system setup,
It is important to protect user security by limiting information storage, and management (Jing et al.,
unauthorized identification and access. By privacy, 2014). IoT applications, such as those for
we mean that the user has sole control over his or smartphones and embedded devices, for instance,
her personal information. Reliability is a problem contribute to the development of a digital

124
environment for global connectivity that makes life are susceptible to hacker exploitation because of the
easier by being sensitive to, adaptable to, and IoT devices' extensive accessibility and
responding to, human requirements. Security is not interconnectedness. Finding a cutting-edge security
assured, though. When user signals are cut off or architecture that addresses problems with data
intercepted, users' privacy may be violated and security, data confidentiality, and data integrity is
their personal data may be exposed. therefore necessary [7].
In order to secure the IoT, there are still unresolved
This issue needs to be resolved in order to provide problems and difficulties that must be overcome. 37
users confidence regarding their privacy and As a result, the IoT systems have security flaws and
control over their personal information before the are open to several attacks [8]. The underlying cause
IoT is widely used. Addressing security issues is of these defects or successful assaults is that the
crucial for the growth of the Internet of Things. In controls or the underlining architecture are not
strong enough to safeguard Internet of Things
addition to proposing potential ideas for enhancing
(IoT)based applications [9]. Security measures
the IoT security architecture, this study seeks to
should be taken into account for the entire design
serve as a valuable guidebook of current security because each layer of the IoT architecture has
risks and vulnerabilities of the varied IoT distinct security challenges and interacts with other
environment [2]. layers [10].
II.LITERATURE REVIEW
Several different goods and technologies are used at
The term "Internet of Things" refers to a network every layer, from sensing to the application. At the
made up of "smart objects," which are multiple edge nodes, these include several sensors and
physical objects, sensors, and edge devices that actuators. There are numerous communication
communicate via various Internet resources and are protocols, including Bluetooth, Wi-Fi, IEEE
used for a variety of purposes in a variety of 802.15.4, Insteon, dash7, and cellular networks. All
industries, including apparel, logistics, health care, of these requirements must be met by a handshake
and transportation (IoT). It is among the most mechanism. In addition, multiple communication
significant technological revolutions of our time [4]. technologies, such as ZigBee, 6LOWPAN, wireless
HART, Z-Wave, ISA100, Bluetooth, NFC, RFID,
It is a predecessor to the smart world because it uses etc., are employed at different levels in the same IoT
pervasive computing and networking to simplify application [11].
and provide other services, like the simple
monitoring of many environmental phenomena. With the help of cutting-edge technologies like
With the development of computing and Radio-Frequency Identification (RFID) and
communication technologies, the quality of the Wireless Sensor Networks (WSNs), which are
environment and ordinary items, often known as sensed by the sensor devices and then processed for
things, objects, or machines, is increasing. Although decision-making, on the basis of which an
an IoT architecture may offer a range of solutions automated action is performed, the fundamental
for different industries, its major objective is to goal of the Internet of Things is to enable
create a working, scalable, flexible, maintainable, autonomous exchange of useful information
and affordable IoT ecosystem [5]. between invisibly embedded different uniquely
identifiable real world devices around us [12].
However, because of their limited resources and the
intrinsic IoT environment conditions—basically,
Due to security issues and challenges every source
the dynamic element, the heterogeneity, and the
of internet can exploit and breach the vulnerability.
open and wireless means of communication—
As each architecture layer have some security
connected objects are typically vulnerable. The
problems. In this paper we described the IoT
majority of conventional security mechanisms
elements that purposed different researchers in IoT
created so far for the Internet do not meet IoT
devices. We also highlight security goals that must
security needs, making IoT network security a
achieve to get authenticity, trust and privacy. We
persistently open and difficult problem [6]. Systems
have reviewed on each architecture layer of IoT and
125
suitable techniques and solution to resolve that address. By using Electron Product Code(EPC),
issues and improved layered architecture of IoT IPv6 and ubiquitous code we can provide address.
which have mac layer and data and assets security
Sensing
layer that is called seventh layer architecture of IoT.
Sensing is processing of gathering data from its
III. MATERIALS AND METHOD related environment and after processing get
We reviewed the security goals IoT elements, information and send to the database or cloud.
different layered architecture of IoT and related There are some sensing devices like FRID,
threats that create problem and issue for end users. actuator, and wearable sensing devices.
A. Security Goals of IoT
Communication
In the following section we presented the security
goals that help to make IoT devices secure and It is main element of IoT that help devices to send
trustable. and receive data, files and communicate with each
other. For example, NFC, Bluetooth, and Wi-Fi.
Confidentiality
Computation
Confidentiality ensure that information is available
just for authorized and authentic user and keep all It works like brain of IoT. It controls and manage
information private from unauthorized access and the computation power of IoT. Like Lite OS.
information only share with trusted user it ensure Services
that information cannot be disclose and not share
with illegal user. Four type of services provides for customer.

Availability • Identity related services

• Information Aggregation
It is property that ensure availability for authentic
• Collaboration Aware services
user 24/7. Authorize user can get access at any time
• Ubiquitous Services
when user needs. It protects information from DoS
and DDoS attack because due to DoS Attack Semantic
Information is unavailable for authorized user.
It has ability to extract information using resource
Integrity and decide to send response to device. Like OWL,
and RDF.
It is property that ensure information is in its
original form and cannot modify by unauthorized C. Layered Architectures of Internet of Things
user or attack. It performs some techniques and
method to keep secure information from attacker. It With the help of these layered architecture we can
ensures that information is not disclose. understand easily what kind of threats and attack
perform on each layer and what is the suitable
B. IoT Elements solution for that attack to keep secure our network
environment.
IoT devices consist of six elements that help to
devices work automatically by observing its
environment and take action according to pre-
defined rules.
Identification
Identification is important part of everything same
in IoT it has identification which consists two main
parts one is name that get from id and second is
address. Each object has different and unique

126
1. Three Layered Architectures and Security Issues attacker get cryptographic keys and know about the
password of user.
Network Layer
This layer act like a bridge between perception
layer and application layer. It gets information from
perception layer and send it to application layer
using different kind of protocol. Its basic purpose
to transmit information.
Security Threats
Denial of service: It is kind of attack in which
attacker create a traffic on particular network to
create difficulty for authentic user on that network.
So that original user does not get access easily on
network.
Figure 1. Three-layers IoT [8]

Perception Layer Men in the Middle: In this attack there is an attacker

between sender and receiver communication and
Perception layer work like human senses. It get control their communication and can easily
identifies and sense different kind of things from its modify.
environment and collect data from them and after
processing it pass information to the network layer. Storage Attack: It is kind of attack in which attacker
can get information by attacking on user’s storage
Security Threats devices like cloud. It can change user’s information
into fake and incorrect detail.
Eavesdropping attack: It is real time attack that get
access to listen private communication that Exploit attack: Attacker purpose to get fully access
transmitted between sender and receiver over the on targeted system and get all information from
network and get sensitive information. targeted system so that attacker uses it according
his needs.
Node capture: It is one of most dangerous attack in
perception layer. Attacker capture full node of Application Layer
network and get important and key information of
sender and receiver that store in particular node. Application layer is defining that how system is
interact with user. All IoT apps and IoT-deployed
Malicious Node: In this attacker add malicious applications are categorized under the application
node on network to stop the sharing real layer. Smart homes, smart cities, smart health,
information and have bad impact on network animal tracking, and more applications for IoT are
energy that can destroy the network. possible. It is accountable for giving the
applications the services. Because services are
Noise in Data: Due to the fact that data must be
dependent on the data gathered by sensors, they
transmitted via wireless networks that reach long
may differ for each application [3].
distances, there is a great likelihood that the data
will contain noise, or worse, erroneous or Security Threats
incomplete information. When so much depends on
the accurate transmission of data, misleading the Cross site scripting: It is kind of attack in which
data might be dangerous [1]. attacker injected wrong script and get completely
access on that application, make changes in
Timing Attack: In this attack attacker get application and use the original information in
information about computation times so that wrong way.

127
Malicious Code: In this attacker injected a part of
malicious code that create unexpected impact and
issues that may damage the system.
Unauthorized access data: Attacker attack and gain
access on whole network then use it data illegal
way.
2. Four Layered Architectures and Security Issues

Figure 3. Five-layers IoT

Processing layer or Middleware layer

Processing layer work on big data processing. It
eliminates extra information and contain useful
information. It solves big data problem because due
to big data performance of IoT affect badly.
Security Threats
Exhaustion: when attacker perform dos attack
exhaustion occurs and create a traffic on processor
Figure 2. Four-layers IoT of system and damage the processing power of
system due to this data is unavailable for original
Support Layer user. It also dangerous for memory sources and
Support layer in four-layer architecture play an battery.
important role to achieve security and make strong Malwares: Malware is attack in which attacker
security level because in three layer there is no intention to damage the victim’s system or
security checker information directly send to computer and network. The virus can be injected in
application layer but in this support layer performs any form like script, code, adware, advertising and
authentication process and protect information usb.
from risks and attacks so that only authentic user
can send information. Business Layer

Security Threats Basic purpose of business layer to control

application and manage the process of change,
DoS: It is kind of attack in which attacker create a
traffic on particular network to create difficulty for creation, and stored information and manage the
authentic user on that network. So that original user user’s privacy. Security Threats
does not get access easily on network. Business logic attack: It is kind of attack in which
Insider Attack: Attacker is from in organization like attacker get benefits from websites scripts and poor
employee who use his legal access for illegal program algorithm It injected wrong code in
intention to gain benefit for his self and misuse of database and control information that transmitted
actual information. between client and database.

3. Five Layered Architectures and Security Issues

Zero-Day-Attack: Attacker create a problem before
anyone know about that and attacker has more
chances to success in launching this attack. And it’s
difficult to identify this attack because there is no
128
detection software at that time attacker’s intention Solution for Processing Layer’s attacks
to damage vulnerability of system.
By using anti-spyware software, different kind file
Solution of Perception Layer’s attacks and e-mail security method so that any kind of
malicious e-mail and attaches file and sources go to
By using different kind of firewall, virtual private spam without disturbing system, updated security
Network, updated antivirus software, use of HTTPs algorithm and method that detect malware and take
and SFTP prevent from different attack that occurs action against that and implement security
on perception layer and avoid to use HTTP and FTP algorithm that monitor and control any kind of
protocol, Public Wi-Fi network. Try to use that suspicious activity.
firewall which detect and prevent environment and
tell the status on regular basis if any kind of Solution for Business Layer’s attacks
malicious activity perform it alert us by showing
status good or bad. By using different encrypted By hiring trained and educated user who know how
method and algorithm can prevent from attacks and to detect risk and threat and manage that risk, apply
transmit save communication. a proper strategy to monitor system and model for
the security purpose.
Solution for Network Layer’s attacks
Improved Architecture of IoT Layered
By using Hash Function that can achieve integrity,
Improved layered architecture of IoT consist Mac
deploy firewall that detect and prevent any kind of
layer that provide authentication and data and
traffic occurs on network during communication
assets security layer that make devices secure.
and generate a kind of alarm to alert authentic user,
monitor and control network devices on daily basis MAC Layer
so that prevent from DoS attacks, use patch
management techniques that patch security holes in Each node on a network needs an addressing
system from where malicious activity can perform mechanism and channel access in order to connect
and use strong password on storage devices like with other nodes on that network or others. This is
cloud. By using all these methods prevent from the fundamental purpose of MAC. The main goal
attacks on network layer. of the MAC protocol is to prevent collisions and
make it easier for network devices to transport data
Solution for Application Layer’s attacks packets. It is in charge of multiplexing and flow
management for the transmission medium. It
By using protocol that provide Authentication, regulates the data packets' distant shared channels
Authorization, and Accountability(AAA), transmission. It provides authentication, error
configure and monitor application setting regularly, detection code
attaches only trustable devices because sometime
malicious code can be perform through USB and Data and Assets security layer
spread in system, must have some back up to
recover data that loss due to malicious or It provides protection sensitive data and assets that
unauthorized activity, must perform threat entered in network it also helps to protect storage
assessment and measure application security on from viruses and threats and protect data
daily basis, manage privileges and use intruder transformation. It provides protection by checking
detection system prevent from attacks that occur on verification of strong password and authenticate
Network layer. user.

Solution for Support Layer’s attacks

We should manage the network security regularly,
use malware prevention software, configure of
security, by managing user privileges and by
controlling removable devices.

129
 In architecture first we discuss three layered
architecture utilizes wired or wireless methods to
carry and/or transmit the data gathered by the
sensors. Additionally, it is in charge of establishing
connections between the various networks, "smart,"
and network devices. As a result, it has numerous
security problems with information integrity and
authentication.
Then the purpose of fourth layered architecture that
is security in the IoT architecture is the justification
for adding a fourth layer. In a three layer
architecture, data is routed straight to the network
layer. Sending data straight to the network layer
increases the likelihood of encountering attacks. But
in four layered architectures there is some security
issues then five layered architectures are discussed
which have two extra layer business and processing
layer. We purposed seventh layered architecture that
help to secure data before any malicious action
Figure 4. Improved layer architecture of IoT
perform and secure that data in storage devices and
mac layer provide authentication and help to
IV. RESULTS achieve main IoT security goals.
We discussed the different kind of techniques and VI. CONCLUSION
protocol and that reviewed services related
Due to security issues and challenges every
security, privacy and authenticity. source of internet can exploit and breach the
Table 1. Techniques and Services vulnerability. As each architecture layer have some
No Techniques Services security problems. In this paper we highlight the IoT
elements that must have in IoT devices. We also
1 Encryption Confidentiality
mentioned security goals that must achieve to get
2 Hash Function Integrity authenticity, trust and privacy. We have reviewed
3 MAC Authenticity on each architecture layer of IoT and purposed
Integrity, Non- suitable techniques and solution to resolve that
4 Digital Signature Repudiation, and issues and reviewed improved layered architecture
Authenticity of IoT which have mac layer and data and assets
security layer that is called seventh layer
5 Kerberos Authentication
architecture of IoT.
ACKNOWLEDGMENT
V. DISCUSSION
Thankfully, we are aware of our parents' affection
We reviewed this pervasive computing for us. Last but not least, we would like to thank our
environment where sensors and actuators will be family and friends whose prayers made it possible
connected to both living and non-living "things" and for us to finish this project.
will all be a part of the Internet, in addition to
computers and smartphones. IoT security issues and REFERENCES
related technologies play a significant part in its [1] Kumar, S. A., Vealey, T., & Srivastava, H. (2016,
implementation. The purpose of IoT security, IoT January). Security in internet of things: Challenges,
components, and a security-based study of IoT solutions and future directions. In 2016 49th Hawaii
International Conference on System Sciences (HICSS)
architecture have all been covered in this paper. We
(pp. 5772-5781). IEEE.
have discussed and examined the security threats [2] Alaba, F. A., Othman, M., Hashem, I. A. T., & Alotaibi,
related to key IoT technologies and the F. (2017). Internet of Things security: A survey. Journal
architecture's security [13]. of Network and Computer Applications, 88, 10-28.
130
[3] Burhan, M., Rehman, R. A., Khan, B., & Kim, B. S.
(2018). IoT elements, layered architectures and security
issues: A comprehensive survey. Sensors, 18(9), 2796.
[4] Gupta, S., Gabrani, G., & Arya, P. K. (2022). Intrusion
Detection System with Layered Approach to Internet of
Things—A Business Paradigm. In Internet of
Things (pp. 117-132). Springer, Singapore.
[5] Punia, A., Tiwari, M., & Verma, S. S. (2023). The IoT in
Security Architecture, Challenges, and Solutions. In
International Conference on Optical and Wireless
Technologies (pp. 405-416). Springer, Singapore.
[6] Swessi, D., & Idoudi, H. (2022). A survey on internet-
ofthings security: threats and emerging countermeasures.
Wireless Personal
Communications, 124(2), 1557-1592.
[7] Ali, A., Mateen, A., Hanan, A., & Amin, F. (2022).
Advanced Security Framework for Internet of Things
(IoT). Technologies, 10(3), 60.
[8] Deep, S., Zheng, X., Jolfaei, A., Yu, D., Ostovari, P., &
Kashif Bashir, A. (2022). A survey of security and
privacy issues in the Internet of Things from the layered
context. Transactions on Emerging Telecommunications
Technologies, 33(6), e3935.
[9] Aryavalli, S. N. G., & Kumar, H. (2023). Top 12
layerwise security challenges and a secure architectural
solution for Internet of Things. Computers and Electrical
Engineering, 105, 108487.
[10] Lee, I. (2020). Internet of Things (IoT) cybersecurity:
Literature review and IoT cyber risk management.
Future Internet, 12(9), 157.
[11] Hassija, V., Chamola, V., Saxena, V., Jain, D., Goyal, P.,
& Sikdar, B. (2019). A survey on IoT security:
application areas, security threats, and solution
architectures. IEEE Access, 7, 82721-82743.
[12] Farooq, M. U., Waseem, M., Mazhar, S., Khairi, A., &
Kamal, T. (2015). A review on internet of things (IoT).
International journal of computer applications, 113(1),
1-7.
[13] Adat, V., & Gupta, B. B. (2018). Security in Internet of
Things: issues, challenges, taxonomy, and architecture.
Telecommunication Systems, 67(3), 423441.

131