Sunil Cheruvu, Anil Kumar, Ned Smith and David M. Wheeler

Demystifying Internet of Things Security
Successful IoT Device/Edge and Platform Security Deployment

Sunil Cheruvu
Chandler, AZ, USA

Anil Kumar
Chandler, AZ, USA

Ned Smith
Beaverton, OR, USA

David M. Wheeler
Gilbert, AZ, USA
Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the book's product page, located at www.apress.com/9781-4842-2895-1. For more detailed information, please visit http://www.apress.com/sourcecode.

ISBN 978-1-4842-2895-1
e-ISBN 978-1-4842-2896-8

This book is an open access publication.
© The Editor(s) (if applicable) and The Author(s) 2020

Open Access This book is licensed under the terms of the Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this book are included in the book's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the book's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, email, or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science+Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.
I dedicate this book to my readers for their curiosity to learn. My wife Sunitha, a divine presence and guidance, constantly channels my creative energy to empower the world with my wisdom. My daughter, Ria, is an inspiration with her intuitive perspective, and her critique of the draft was instrumental in transforming the content for the audience.
—Sunil Cheruvu

To my wife Manju and children, Induja and Abhiram, for their constant encouragement, support and curiosity during the writing process. I want to thank my parents, teachers and friends for their continued guidance in learning new things and sharing my knowledge with others.
—Anil Kumar

This book is dedicated to my wife KJ, who gives unconditional support for all the things I aspire to, both vocationally and otherwise, and to our children Hayden, Addison, Gavin and Janelle for courageously pursuing their dreams; and to Thomas for always being willing to think out of the box.
—Ned Smith

To my lovely wife – Without your encouraging support, strategic insights, and challenging questions, I would not have accomplished all that I have. To my wonderful children – Listen to your mother!
—David M. Wheeler
Foreword

In 1989 I walked into the Distributed Systems Laboratory as an undergraduate in the Electrical Engineering department at the University of Pennsylvania, and it seemed as if I didn't leave that lab until I received a doctorate 6 years later. Combining compute and communications has been a professional passion ever since, as I've led a range of initiatives at Intel Corporation in protecting video and audio content, bringing networks and digital technologies into the home, securing compute infrastructure, and preparing for a new generation of distributed applications popularly referred to as the Internet of Things (IoT).

IoT's connection and computerization is a pervasive trend transforming everything we do and the infrastructure which supports us. From smart cities and homes to Industry 4.0, enterprises, critical infrastructure, healthcare, retail, and wearables, vast flows of data, increasingly processed using machine learning algorithms, are altering our existence. This unprecedented scale, pervasiveness, and interconnectivity also creates an environment where the security and integrity of these applications becomes a paramount concern. One only has to look to the headlines, where attacks on critical infrastructure such as power generation and distribution, vulnerabilities in our automobiles, and malware in the devices such as webcams, smartphones, and PCs which we bring into our homes highlight our collective vulnerability. Given the extensive attack surfaces being created and the asymmetry between attackers needing to find a single vulnerability to exploit while defenders have to find and close all vulnerabilities, IoT creates an unmatched set of security challenges.

During my journey, I've had the pleasure of working with many experts in their respective fields. These authors are the best when it comes to offering practical guidance in addressing the IoT Security challenges. This timely book will build your knowledge about the IoT security challenges and remedies from the ground up, starting with the fundamental security building blocks and extending into available IoT frameworks and specific vertical applications. Please join us in the critical mission of securing IoT applications, and by extension, our future!

—Brendan Traw
Intel Senior Fellow
Hillsboro, Oregon
July 2019
Introduction

The Internet of Things (IoT) is a general term describing any device used to collect data from the world around us and then share that data across the Internet, where the data can be intelligently processed to provide information and services. This definition can be extended to an industrial closed loop control system where data is acquired, coalesced with related data, transmitted to an intelligent station, analyzed, and then acted upon to influence the environment.

The technology consulting firm Gartner, Inc. forecasts that 20.4 billion connected things will be in use worldwide by 2020. The total spending on endpoints and services will reach nearly $3 trillion in 2020.[1] They also forecast that worldwide spending on IoT security[2] is expected to reach $3.1 billion by 2021. In a similar study, IDC forecasts that worldwide technology spending on the Internet of Things will experience a compound annual growth rate (CAGR) of 13.6% over the 2017–2022 forecast period and reach $1.2 trillion in 2022.[3]

The authors believe that IoT is a ripe field not just for securing the IoT devices but also for innovations in secure system design, secure building block technologies, and secure hardware and software development practices that together turn the Internet of Things into the Secure Internet of Things.

The IoT ecosystem is at an inflection point, and Intel has developed a roadmap of products and services which comprehend this growth and enable customers to participate in the IoT ecosystem transformation from a collection of disjointed, vertically integrated suppliers of embedded technologies into an ecosystem of interoperable and flexible building block technologies. This transformation has three evolutionary phases:

Phase 1: Connect previously unconnected devices through a multitude of interfaces and gateways, eventually converging on the Cloud.

Phase 2: Make devices smarter and more secure, where the connected devices are empowered to make more important decisions and become more aware of their environment and context, while security is resiliently maintained.

Phase 3: Increase the degree of autonomous operation while maintaining security, where the smart devices require less dependence on back-end services to dictate policies and to make decisions, becoming devices that can dynamically join or leave a network, can resiliently recover from failures, proactively update system software, and even learn to optimize operational efficiency.

Up through calendar year 2018, the industry, largely, has experienced a transition to Phase 1. We're now seeing dramatic shifts toward Phases 2 and 3 throughout the industry. We anticipate the future will be all about making IoT systems secure as a prerequisite to paving the way for a smarter and more autonomous IoT. Some may argue that IoT isn't a new phenomenon, and some say it's revolutionizing the compute domain, where compute happens from Edge networks to cloud services. Our perspective is that IoT is actually both evolutionary and revolutionary – IoT will advance and reshape the existing (brownfield) infrastructure while at the same time revolutionizing and creating new (greenfield) markets, processes, and ecosystems. IoT will disrupt some businesses, transform others, and create entirely new ones. That is both evolutionary and revolutionary!
In this expanding world of IoT, security becomes critical since the attack surface expands in intricate and profound ways when connecting billions of new and previously unconnected devices. Connecting devices that have not historically been part of the Internet world is a bit like throwing the innocent to the wolves. Security is a vital part of the IoT transformation to connectedness. The data[4] from the National Vulnerability Database (NVD) pertaining to "CVSS[5] Severity Distribution Over Time" shows that during 2016–2018, the number of vulnerabilities with medium severity tripled (3359 vs. 8912) and those with high severity doubled (2469 vs. 4317). During the same period, the total number of vulnerabilities almost tripled. A search[6] for IoT in the NVD from 2016 to 2018 resulted in 89 hits, with several critical and high severity vulnerabilities in IIoT gateways and in other IoT devices. Therefore it is not enough to simply connect these devices; the imperative is that these devices authenticate mutually and authorize services, all while protecting the confidentiality, integrity, and privacy of the data they collect and share between elements of the system. It is critical to have end-to-end security including each element along the data and control paths from sensor and actuator, to edge and gateway, all the way to the Cloud, protecting both the devices and their associated data, interfaces, and software. Edge devices range from the lowest-power MCU-based devices to Intel Atom, all the way up to high-performance Intel Core/Xeon-based platforms.

It is important to understand that the anatomy of IoT hacks is radically different from typical consumer or enterprise computing. Consider the example of a hypothetical shutdown of the electrical grid via a domestic, Wi-Fi-connected oven and a ransomware attack that encrypts the firmware in a connected oven, rendering it unusable. In both cases the oven becomes inoperable. The difference is in how the device owner needs to respond to the outage. A systemic outage of the power grid marshals resources to address the issue fairly quickly, as the impact is more broadly felt. This outage will garner attention from government and private sector professionals because of its broad, indiscriminate impact. Consumers could overcome the outage by resorting to local power generation sources to keep appliances, lights, and local networks running. Conversely, a localized malware compromise of a single oven requires the homeowners themselves to be the first to respond and diagnose. If the malware is virulent, and noticed by network operators, the home network may be quarantined to prevent further spreading. The home network owner may be required to prove to network operators that the home network is free from malware before being reconnected. This is a significant burden to most appliance owners – a burden many do not have the skills to adequately carry. The IoT phenomenon brings an important paradigm shift where the focus of our attention turns from tactile devices like a smartphone to a network-of-networks and a system-of-systems, where the misbehavior of a few devices may have systemic consequences. And at times those consequences may be broadly felt, while at other times they fall fully on an unsuspecting and unprepared few.

Nevertheless, the IoT paradigm shift doesn't seem to fully persuade security practitioners to carefully regard the security design of every connected device. Some even ask: What is so unique about IoT that it requires unique security knowledge or expertise? How is it different from, say, PCs and servers? What devices qualify as purely or only IoT things? Any CPU spanning from MCU class to Atom to Core to Xeon to Xeon-SP can be a "thing" that is connected to the Internet. So what's unique? From our perspective, the challenge in IoT can be framed as follows:
The Device Lifecycle is unique since IoT devices often have a much longer replacement cycle than PCs and smartphones (sometimes up to 30 years). Few of us are still using our 10-year-old PC, but many of us can identify components in our offices, public buildings, transportation systems, HVAC systems, water treatment systems, and factories that may be much older. Long replacement cycles imply that embedded systems with security vulnerabilities have embedded attack vectors.

Security objectives and robustness rules vary greatly across multiple verticals/domains. Here are a few examples: AutoSAR and the numerous standards impacting the automotive domain – Automotive E-safety Vehicle Intrusion proTected Applications (EVITA)/Secure Hardware Extension (SHE)/AUTomotive Open System ARchitecture, Retail Payment Card Industry (PCI), Medical Health Insurance Portability and Accountability Act (HIPAA), naming only a few.

Multiple Operating Systems must be considered in IoT systems to address diverse operational requirements. Some examples include Linux-Yocto, Wind River Linux, Android, Windows IoT/Enterprise/Client, VxWorks, QNX, and many other proprietary implementations. Interoperability and consistency in service operations, system update capabilities, and driver support are only a few of the obstacles encountered in supporting such a diverse field of operating systems on a single hardware platform.

System on Chip (SoC) and CPU embedded security capabilities and features can vary significantly across vendors' MCU products and even within the same vendor's products, including Intel Atom, Core, Xeon, and Xeon-SP architectures, making design of end-to-end services and security more challenging.

There are multiple pre-OS boot loaders and platform initialization software, for example, Firmware Support Package (FSP) + Coreboot, Intel Slim Bootloader, UEFI, Legacy BIOS, Deep Embedded, and other types of firmware that are used across the various IoT segments, all of which complicate IoT platform design and field support. An inadequate field update mechanism would result in attacks on initialization software, implying that attackers are able to load and configure malware.

The stakeholders are many and scattered – independent BIOS/boot loader vendors, board vendors, independent maker community design and integration shops, OEM/ODM, tiered SW/HW System Integrators, and Middleware providers. Producing a coalesced platform with consistent and interoperable features and services in such a diverse ecosystem is formidable. This implies security processes such as incident response, forensics, compliance, and system design must maintain healthy ecosystem interactions to prevent security issues from falling into the "cracks."

Hypervisors are a critical part of the security equation since they provide needed isolation and protection. Some of these include Wind River Virtualization Profile, Xen, VMWare, RTS, and ACRN. However, hypervisors also add system complexity as they impact operating systems, device drivers, and platform firmware.

Managing these devices on heterogeneous networks is a huge challenge that requires a cradle-to-grave lifecycle approach; this includes provisioning, commissioning, decommissioning, software update, and other operational management tasks. Safety and regulatory aspects of security are also inherently present.
Security is not just a single step but instead a journey, since what is secured this minute may not be secure the next minute and also because security has to be comprehended in all phases of the IoT device lifecycle. This book aims to diverge from the generic discussion of technologies presented by existing literature. It instead strives to inform readers of the methodology and intuition associated with implementing secure systems that were designed to be secure, and presents focused insights gathered from the authors' years of experience in the security domain.

While this book represents a snapshot in time, the IoT ecosystem is not stationary. The anatomy of threats is dynamic, and more applications are being designed and deployed every day. Mining the National Vulnerability Database (NVD) reveals that the threats are consistently moving down the stack, and they are now at the firmware and hardware level. This makes constant improvement through security by design critical; security design cannot start with the application developer, but must begin at the silicon design and manufacturing phase and continue through platform development, software design, system installation, and sustaining operations. This is where a partnership with Intel begins to pay out enormous benefits that continue long into the system lifecycle.

Design of IoT devices cannot consider only their own security. IoT devices that are designed for security must still interoperate with other devices and systems that may not be built with the same security measures. Interoperability requires commonly accepted standards and regulations that help ensure the behavior of the singleton as well as a system of devices is consistent from vendor to vendor and from product to product. More standards are being created and regulations are being enacted to address many of the IoT security concerns, including protecting the user's data, identity, and other valuable assets.

Managing risk in an IoT environment is inherently a formidable task. As Mike Crews, Director of Architecture in Intel Corporation's Internet of Things Group (IoTG) – a staunch believer in Security – opines, "Every vertical domain – whether it is Retail, or Industrial, or Digital Surveillance System – is just one 'Jeep Hack' incident[7] away from encountering the potential risks in not deploying and managing the security lifecycle of the IoT Devices." His opinion is that vertical domain business owners have to be well informed, feel responsible, and must judiciously invest in securing their own assets as well as the assets of their customers.

The authors believe there are three principles that support security by design, which we have interwoven throughout this book. They are by no means trivial to achieve in real systems, and instead require a lot of commitment from all participants in the IoT ecosystem. The principles to evaluate features that are secure by design include:

Simple to Implement by leveraging relevant standard Application Programming Interfaces (API), frameworks, and Software Development Kits (SDK) to develop the IoT device

Seamless to Deploy by leveraging relevant standard and scalable provisioning tools and associated collateral to deploy IoT devices in the field

Easy to Manage by leveraging the standard management technologies, tools, and associated collateral to manage the IoT device lifecycle

After reading this book, we anticipate readers will be empowered with the knowledge and tools needed to recognize security trade-offs in IoT system design and software architecture and to identify the relevant hardware building block ingredients that underpin secure IoT deployments. We believe the solutions presented here provide reasonable security trade-offs and follow the secure by design principles. The chapters of this book aim to enlighten the reader's understanding to address the following:

Chapter 1: How the IoT ecosystem differs from the PC and data center ecosystem and how those differences impact security.

Chapter 2: What IoT frameworks are and how design choices in different frameworks affect security, interoperability, and usability trade-offs.

Chapter 3: What the relevant hardware security features and building block technologies are – as the authors believe, hardware security is the last line of defense.

Chapter 4: How to approach building secure firmware, system software, and applications that leverage hardware security capabilities.

Chapter 5: Which security properties affect IoT connectivity and what impact they have on network and system designs given the IoT paradigm shift toward Network of Networks (NoN) and system of systems.

Chapter 6: What other requirements affecting IoT verticals are relevant to security and why security is not a simple blanket but instead must be designed from the beginning with a foundational layer common across all verticals and then built up using vertical-specific stack components and application services. We also discuss key standards impacting some of the IoT verticals.

From this book, readers will gather an overview of the different security building blocks available in Intel Architecture (IA)–based IoT platforms. Readers will also be able to understand the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense in depth. Readers will also be able to comprehend the connectivity interfaces with security implications and IoT verticals with their unique security requirements and associated standards and regulations.

We invite you to join us on our journey demystifying IoT security!
Acknowledgments

For a book such as this, one that covers a myriad of specialized topics, it is difficult to single out only a few people to appreciate, because so many actually contributed to the content in both direct and indirect ways.

We would like to thank our Intel IOTG management, Michael R. Crews and Michael Carboni, for providing unconditional support throughout the process. And a special thanks must be given to Sunil, our lead author, for keeping us all on track and always inspiring us to keep working toward our goal.

Each of us as authors received support from many colleagues at Intel who provided information, reviewed content, and answered questions. Our special thanks to those who contributed significantly to this process, including Mats Agerstam, Jody Booth, Vincent Cao, Geoffrey Cooper, Jan Krueger, Tony Martin, Srini Musti, Al Elizondo, Imran Desai, Maurice Ma, Mike Taborn, Anahit Tarkhanyan, Yu Wang, Matt Wood, Anthony Xu, Dave Zage, Anthony Chun, Todd Cramer, Mitchell Dzurick, and many others. We especially want to thank Geoffrey Cooper for reading, rereading, and then reading again too many drafts of our chapters and Mats Agerstam for his many insightful contributions.

We offer our sincere gratitude to numerous others across Intel Corporation who have shared their experiences and knowledge in various meetings, SAFE reviews, crypto reviews, and the countless presentations that we as authors are privileged to be a part of. Your contributions have helped us comprehend security in various IoT domains and we learn more from you every day – Thank You!

We also wish to thank many colleagues in our industry with whom we have worked to define and align our architectures, standards and open source contributions for the betterment of secure computing.

—Sunil Cheruvu
—Anil Kumar
—David M. Wheeler
—Ned Smith
Table of Contents

Chapter 1: Conceptualizing the Secure Internet of Things
  The Bad USB Thumb Drive
  Air-Gap Security
  Stuxnet
  Designing Safe and Secure Cyber-Physical Systems
  Constrained Computing and Moore's Law
  Trusted IoT Networks and the Network Edge
  Conclusion

Chapter 2: IoT Frameworks and Complexity
  Introduction
  Historical Background to IoT
  IoT Ecosystem
  Elements of an IoT System
    IoT Device
    IoT Network
    IoT System Management
    IoT Framework
    Summary IoT Framework Considerations
  IoT Framework Architecture
    Data Object Layer
    Node Interaction Layer
    Platform Abstraction Layer
    Platform Layer
    Security Challenges with IoT Frameworks
  Consumer IoT Framework Standards
    Open Connectivity Foundation (OCF)
    AllSeen Alliance/AllJoyn
    Universal Plug and Play
    Lightweight Machine 2 Machine (LWM2M)
    One Machine to Machine (OneM2M)
  Industrial IoT Framework Standards
    Industrial Internet of Things Consortium (IIC) and OpenFog Consortium
    Open Platform Communications-Unified Architecture (OPC-UA)
    Data Distribution Service (DDS)
  Framework Gateways
    Framework Gateway Architecture
    Security Considerations for Framework Gateways
  Summary

Chapter 3: Base Platform Security Hardware Building Blocks
  Background and Terminology
    Assets, Threats, and Threat Pyramid
    Inverted Threat Pyramid
    End-to-End (E2E) Security
    Security Essentials
  Base Platform Security Features Overview
    Converged Security and Manageability Engine (CSME)
    Secure/Verified, Measured Boot and Boot Guard
    Trusted Execution Technology (TXT)
    Platform Trust Technology (PTT)
    Enhanced Privacy ID (EPID)
    Memory Encryption Technologies
    Dynamic Application Loader (DAL)
    Software Guard Extensions (SGX) – IA CPU Instructions
  Identity Crisis
    Enhanced Privacy Identifier (EPID)
    PTT/TPM
  Device Boot Integrity – Trust But Verify
    Secure Boot Mechanisms
    Overview of BIOS/UEFI Secure Boot Using Boot Guard Version 1.0 (BtG)
  Data Protection – Securing Keys, Data at Rest and in Transit
    Intel Platform Trust Technology (PTT)
    Windows PTT Architecture
    Linux PTT Software Stack
  Runtime Protection – Ever Vigilant
    Intel Virtualization Technology (Intel VT)
    Software Guard Extensions (SGX)
    Intel CSE/CSME – DAL
    Intel Trusted Execution Technology (TXT)
  Threats Mitigated
    Zero-Day Attacks
    Other Attacks
  Conclusion
  References

Chapter 4: IoT Software Security Building Blocks
  Understanding the Fundamentals of Our Architectural Model
  Operating Systems
    Threats to Operating Systems
    Zephyr: Real-Time Operating System for Devices
    Linux Operating Systems
  Hypervisors and Virtualization
    Threats to Hypervisors
    Intel® ACRN
    ACRN Summary
  Software Separation and Containment
    Containment Security Principles
    Threats to Extended Application Containment
    Containers
    Kata Containers
    Trusted Execution Environments
    Containment Summary
  Network Stack and Security Management
    Intel Data Plane Development Kit
    Security Management
    Network Stack and Security Summary
  Device Management
    MeshCentral
    Wind River Helix Device Cloud
    Device Management Summary
  System Firmware and Root-of-Trust Update Service
    Threats to Firmware and RoT Update
    Turtle Creek System Update and Manageability Service
    System Firmware and RoT Summary
  Application-Level Language Frameworks
    JavaScript and Node.js or Sails
    Java and Android
    EdgeX Foundry
    Application-Level Framework Summary
  Message Orchestration
    Message Queuing Telemetry Transport
    OPC Unified Architecture
    Constrained Application Protocol
    Message Orchestration Summary
  Applications
  Summary

Chapter 5: Connectivity Technologies for IoT
  Ethernet Time-Sensitive Networking
    Legacy Ethernet-Based Connectivity in Industrial Applications
    Key Benefits of TSN
    TSN Standards
    TSN Profiles
    OPC-UA Over TSN
  Overview of Wireless Connectivity Technologies
    Considerations for Choosing Wireless Technologies for IoT
    Wi-Fi
    Bluetooth
    Zigbee
    NFC
    GPS/GNSS
    Cellular
    5G Cellular
    LPWAN – Low-Power Wide Area Networks
  A Case Study – Smart Homes
  Summary
  References

Chapter 6: IoT Vertical Applications and Associated Security Requirements
  Common Domain Requirements and the Security MVP
    Some Common Threats
  Retail Solutions
    Security Objectives and Requirements
    Threats
    Standards – Regulatory and Industry
  Transportation Solutions
    Connected Vehicle Infrastructure
    Security Objectives and Requirements
    Threats
    Mitigations
    Standards – Regulatory and Industry
  Industrial Control System (ICS) and Industrial IoT (IIoT)
    Security Objectives and Requirements
    Threats
    Standards – Regulatory and Industry
  Digital Surveillance System
    Security Objectives and Requirements
    Threats
    Standards – Regulatory and Industry
  Summary

Appendix: Conclusion
  Economics of Constrained Roots-of-Trust
  IoT Frameworks – Necessary Complexity
  Hardware Security – More Than a Toolbox
  IOT Software – Building Blocks with Glue
  Ethernet TSN – Everybody's Common Choice?
  Security MVP – The Champion Within a Fractured IoT Ecosystem
  The Way Forward

Index
About the Authors

Sunil Cheruvu
is a Principal Engineer in the Platform Engineering Division of the Internet of Things Group (IOTG) at Intel Corporation and has been involved in architecting complex embedded systems involving HW/FW/SW for almost 27 years on Intel/ARM/MIPS/PowerPC architectures. At Intel, he is the chief IoT Security architect and leads the end-2-end security architecture for embedded devices, including the scaling of security (from below Atom to Xeon products) on multiple operating systems including RTOS. He is the subject matter expert for IOTG security across Intel and industry. He frequently interacts with many customers in an architect-2-architect capacity from multiple IoT segments including Industrial, Digital Surveillance Systems, Retail, Transportation, Medical/Healthcare, Gaming, Print Imaging, and Military/Aerospace/Government. Due to the uniqueness of IoT device lifespan and the required robustness, he drives architectural initiatives such as Post Quantum readiness, physical & side-channel attack mitigations, and alternative/configurable roots of trust (via FPGA, ASIC/IP, etc.) for IOTG. In previous roles at Intel, he owned the content protection & system-level architecture of conditional access and trusted data path (end-to-end premium content protection within a SoC). He also led the BIOS/UEFI development on IOTG's first SoC and programmed VBIOS/UEFI GOP & embedded pre-OS graphics drivers in the embedded group. At Microsoft as a SW Design Engineer, he was the tech lead for vehicle networking (CAN, KLINE, MOST) on an ARM based platform involving the NDIS bus and protocol driver stacks. He took these stacks through threat modeling and implemented the resolutions in what was released as the Windows Mobile for Automotive (WMfA) platform. At Conexant Systems as a senior SW staff engineer, he designed and implemented the code for SCDMA & secure NAND Flash driver in ARM based DOCSIS 2.x compliant Cable Modems. At 3com Corporation, as senior SW engineer, he implemented the code for Telco return NT kernel mode drivers, embedded ROM web server, and Baseline Privacy security in DOCSIS 1.x compliant cable modems.

Anil Kumar
is a Principal Engineer in the Platform Engineering Division of IOTG at Intel Corporation and is responsible for the Connectivity Platform Architecture across IOTG. In this role, he led the effort with the planning team to create IOTG's first ever roadmap for connectivity solutions. He is currently driving platform and chip-level integration of several key connectivity and communication technologies which are critical for cyber-physical systems. Anil joined Intel in 2007 as a design engineer in the Digital Home Group. He served as a Platform Architect for several Intel Architecture–based Media Processors for TV and Set-Top Box applications. As the Platform Architect in the Intel Media Group, Anil has led several designs that resulted in award-winning consumer electronic device designs at CES. The world's first Google TV devices were based on reference design efforts led by Anil as well. Prior to joining Intel, Anil held design engineering positions at multinational companies such as Fujitsu and Alcatel. He was instrumental in taking several designs from concept to production throughout his career.

Ned Smith
is a Principal Engineer in the Open Technology Center (OTC) team in the System Software Products group at Intel Corporation. He is responsible for defining security architecture and standards for Internet of Things and Edge Computing technologies. He contributed significantly to the Open Connectivity Foundation (OCF) security specifications and chaired the Internet Protocol Smart Objects (IPSO) Alliance security, privacy and identity working group. Ned co-chairs the Remote Attestation Procedures (RATS) working group in the IETF. Ned is editor of the Device Identity Composition Engine (DICE) Layering Architecture and DICE Attestation Architecture specifications in the Trusted Computing Group (TCG).

Ned joined Intel Labs in 1995, where he helped define the Common Data Security Architecture (CDSA) that was standardized by the Open Group. He chaired the Infrastructure Workgroup (IWG) in the Trusted Computing Group (TCG) from its inception until 2006. The IWG may best be known for its work on Network Access Control (NAC) standards that later became the Trusted Network Connect (TNC) working group within the TCG. The TNC standards were adopted by a majority of network security vendors supplying NAC products.

Ned has been highly influential within Intel, having contributed to a long list of enterprise security technologies including Intel Identity Protection Technology, Intel Anti-Theft Technology, Intel Active Management Technology, Intel Converged Security Engine, Intel Trusted Execution Technology, Intel Insider, Intel Virtualization Technology, Intel Deep Defender, Intel Platform Trust Technology, Intel Software Guard Extensions, and numerous other security, privacy, identity, and access management–related projects.

Ned is a prolific inventor, having received Intel's Top Filer award in 2014 and 2015. He received Intel's Top Inventor award in 2016. In 2018 he was runner up to Intel's Distinguished Inventor award, Intel's highest recognition for inventors. He has more than 150 US patents and 350 worldwide patents.

David M. Wheeler
is a Senior Principal Engineer in the Platform Security Division of IAGS at Intel Corporation and has 30 years' experience in software, security, and networking. In his current role, Dave is responsible for research and development of new cryptographic algorithms and protocols, security APIs, and libraries across Intel including for IoT platforms, performs security reviews on Intel's cryptographic implementations, and represents Intel at the IETF. Within the Internet of Things, Dave has contributed to Intel's Software-Defined Industrial Systems architecture and IOTG's Health Application Platform. Prior to Intel, Dave held various lead software and systems architecture positions at Motorola, Honeywell Bull, General Dynamics, as well as his own consulting firm. Dave has designed and built several hardware security engines, including a Type 2 security coprocessor for a software-defined radio and the Intel Wireless Trust Module, a hardware cryptographic coprocessor on the Intel XScale processor. He has implemented several cryptographic libraries and protocol layers, including an IPSec-type implementation for an SDR radio; header compression protocol layers for IP, TCP, and UDP over multicast; a connectionless network layer protocol; two-factor authentication verification over RADIUS for a firewall VPN; PPP for serial; an instant messaging protocol over Bluetooth; and many others. Dave has been a key contributor to other full-stack product implementations including Intel's BlueRiver Network appliance and several complete public Internet applications in PHP, JavaScript/Sails, and even VBScript. Dave has also worked on smart card security for banking and gaming applications at a startup, Touch Technology. While at Motorola in 1992, Dave authored the "Security Association Management Protocol" for the National Security Agency and subsequently spoke nationally about key management and key management protocols. He has led clean-room implementations for ISAKMP, IKEv2, and a custom network-keying protocol. Dave's extensive experience in security, networking, software, and hardware is leveraged across a broad segment of Intel's Internet of Things to make Intel's products and software projects secure.
© The Author(s) 2020
S. Cheruvu et al., Demystifying Internet of Things Security
1. Conceptualizing the Secure Internet of Things
Sunil Cheruvu (1), Anil Kumar (1), Ned Smith (2) and David M. Wheeler (3)
(1) Chandler, AZ, USA
(2) Beaverton, OR, USA
(3) Gilbert, AZ, USA
In this chapter we relate several iconic attacks on cyber-physical IoT systems to illustrate the clever ways attackers are able to achieve their objectives. The physicality of cyber-physical systems and resource limitations of constrained IoT devices present new challenges, both for attackers and systems designers. This chapter explores security trade-off consequences resulting from design decisions aimed at reducing device cost. We advocate more enlightened perspectives that consider the value of the device in terms of the broader network and system value. The security front line often is a constrained device requiring world-class security capabilities such as hardware underpinnings for cryptography, integrity protection, storage, and attestation. Devices that don’t provide the basic building blocks of security are the weak links in the system – which systems designers aim to quarantine.
The BadUSB Thumb Drive
In 2014 Karsten Nohl and Jacob Lell presented proof-of-concept malicious software at Black Hat USA 2014 [1] that demonstrated how USB is fundamentally broken. The malware infects USB firmware rather than simply placing malicious applications on the storage area. USB firmware is trusted by most every USB controller to behave properly, as defined by the USB Consortium specifications. [2] However, as long as USB firmware works within the framework defined by the standard, malware can cause the USB controller to give the USB firmware unintended access to the host computer. This is unfortunate as the lack of attention given to security implies a potential for exploits that include key-logging, privilege escalation, data exfiltration, identity and access misdirection, session hijacking, and denial-of-service.
Karsten and Jacob not only published their findings but also published the malware on an open source repository known as GitHub. [3] This means virtually anyone can construct their own USB attack device and even improve upon the original design. There have even been “how-to” publications [4] that step the reader through the process, making it easier than ever for even those without prior knowledge of USB architecture and implementation to successfully build an attack device.
Subsequently, the “maker community” [5] has picked up on BadUSB by creating a business around hardware platforms that have BadUSB preintegrated called “MalDuino” [6] – a play on words involving a popular “maker” platform named Arduino. [7] Using MalDuino as a development platform, it is possible for attackers to integrate other interesting malware designed to further infiltrate the victim computer or network. Often an attacker exploits a vulnerability in order to stage an attack on another vulnerability. Attack lethality can be amplified by linking several exploits that expose larger attack surfaces and allow the attacker to marshal more resources for the next attack. An attack that began as a compromise of something without network connectivity may morph into a compromise of resources with network connectivity – that broadens the attacker’s reach and lethality.
Air-Gap Security
Some of the most secure networks rely on “air-gap” security as a way to prevent the spread of malware through interconnected networks. Air-gap is an isolation technique that ensures there are no wired or wireless connections between a highly sensitive network and one that is commonly accessible to everyone, such as the Internet. The security principle behind air gapping is to establish physical isolation such that in order to move information back and forth between the secure network and other networks, there needs to be a mechanical system in place – euphemistically termed a “sneaker-net.” The idea is that only trustworthy people would have physical access to the air-gap and would follow appropriate security practices and procedures that ensure sensitive networks do not fall victim to the many attack scenarios found on public networks.
However, air-gaps rely on the use of electronic media to “sneaker-net” information to and from air-gapped networks. This often involves the use of USB connected peripherals. The assumption is that a device that isn’t capable of sending or receiving electromagnetic emanations is safe to cross an air-gap. The fallacy of this assumption, of course, is they are not safe as evidenced by BadUSB.
Air-gap security has a significant usability downside in that it is costly to deploy, doesn’t scale well, and isn’t forward looking. The next generation of industrial IoT looks to other network security mechanisms such as VLANs that segment networks and isolate manufacturing equipment behind routers, static/dynamic whitelisting, and zoning/quarantining using network firewalls.
The lesson learned from air-gap security is that attention to usability cannot be ignored. Security mechanisms must be designed with all other system requirements taken into consideration to find the security mechanisms that optimize trade-offs.
Stuxnet
“Stuxnet” [8] is the name given to malware found to have successfully infiltrated a top security nuclear research facility in Iran in June 2010. The Natanz uranium enrichment facility employed air-gap security mechanisms due to the safety critical aspect of the uranium enrichment process. Furthermore, uranium enrichment processes rely on SCADA (Supervisory Control And Data Acquisition) systems that are commonly used for industrial control because of their ability to precisely control physical machinery and remain resilient in the face of physical system failures, but also incorporate popular information messaging protocols such as MQTT (Message Queuing Telemetry Transport), AMQP (Advanced Message Queuing Protocol), and DDS (Data Distribution Service).
SCADA systems may use programmable logic controllers (PLCs) and a variety of other sensors and actuators that can be customized to suit the needs of the particular mechanical operations in a plant or factory. PLCs often have USB interfaces for uploading the control logic executed by the PLC, but also support serial bus interfaces and protocols such as Modbus or 4-20 mA current loops that transfer information reliably and with less wiring and setup. Unfortunately, these techniques did not anticipate security or are simply incapable of stopping attackers who have physical access.
Stuxnet employed a variety of techniques, some seemingly designed as alternative attack strategies in case some other strategy failed to pan out. Among them was a strategy to propagate the Stuxnet malware using Internet “Futbol”-themed websites. Ultimately, Stuxnet found a way to program USB thumb drives that were used to update PLCs used for uranium enrichment centrifuges.
Stuxnet ultimately was able to cause physical damage to centrifuges by working within the tolerance specifications of the control system, but stealthily controlling the centrifuges to spin faster than usual for longer than usual or to adjust the rate of acceleration and deceleration in ways that exceeded the mechanical designer’s expected use case scenarios.
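The manipulation just described stays inside the control loop’s per-sample tolerance, so a defender needs an independent check on how long the rotor sits outside its normal band and how fast it ramps. The following is an added example, not code from the book or from any real control system; the `Limits` fields, every limit value and both sample traces are constructed assumptions.

```python
# Added example (not from the book).  Limits and traces are constructed.
from dataclasses import dataclass
from typing import List, Tuple

Sample = Tuple[float, float]   # (seconds since start, rotor speed in rpm)

@dataclass(frozen=True)
class Limits:
    nominal_rpm: float      # normal steady-state speed
    band_rpm: float         # normal excursion band around nominal
    max_rpm: float          # control system's hard tolerance limit
    max_dwell_s: float      # longest run allowed outside the normal band
    max_ramp_rpm_s: float   # mechanical design limit on accel/decel rate

def control_check(samples: List[Sample], limits: Limits) -> bool:
    """What the control loop itself verifies: every sample inside hard limits."""
    return all(0 <= rpm <= limits.max_rpm for _, rpm in samples)

def process_check(samples, limits):
    """Independent monitor: returns (kind, time, value) findings."""
    findings = []
    excursion_start = None   # when the rotor left the normal band
    reported = False         # one dwell finding per excursion
    for (t0, r0), (t1, r1) in zip(samples, samples[1:]):
        ramp = abs(r1 - r0) / (t1 - t0)
        if ramp > limits.max_ramp_rpm_s:
            findings.append(("ramp", t1, ramp))
        if abs(r1 - limits.nominal_rpm) <= limits.band_rpm:
            excursion_start, reported = None, False   # back in band
            continue
        if excursion_start is None:
            excursion_start = t1
        dwell = t1 - excursion_start
        if dwell > limits.max_dwell_s and not reported:
            findings.append(("dwell", t1, dwell))
            reported = True
    return findings

LIMITS = Limits(nominal_rpm=1000, band_rpm=50, max_rpm=1200,
                max_dwell_s=30, max_ramp_rpm_s=20)
# Constructed traces sampled every 10 s.  TAMPERED never breaches max_rpm,
# so control_check passes, but holds the rotor high for 40 s and then
# decelerates at 24 rpm/s.
NORMAL = [(0, 1000), (10, 1010), (20, 990), (30, 1020), (40, 1000), (50, 995)]
TAMPERED = [(0, 1000), (10, 1150), (20, 1180), (30, 1190), (40, 1190),
            (50, 1190), (60, 1190), (70, 950)]

if __name__ == "__main__":
    for name, trace in (("normal", NORMAL), ("tampered", TAMPERED)):
        print(name, control_check(trace, LIMITS), process_check(trace, LIMITS))
```

Both traces pass the control loop’s own check; only the dwell and ramp checks separate the tampered run from the normal one.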
Although there still remains controversy over who created Stuxnet and whether it was targeting Iranian nuclear enrichment or not, statistics gathered by Symantec [9] suggest there were unintended consequences in the form of compromise to “friendly” or untargeted installations. While the majority of infections, 58.85%, occurred in Iran, the remaining 41.15% affected other countries; 8.31% occurred in India, 18.22% in Indonesia, and 1.56% in the United States. 13.05% occurred in other parts of the world.
Stuxnet is interesting because it demonstrates the possibility for information systems to cross over to operational systems in such a way that physical systems, infrastructure, the environment, and ultimately human life can be harmed using only commonly available inexpensive electronics and software.
It marks the fusion of Information Technology (IT) with Operational Technology (OT). The acronym Internet of Things (IoT) takes on an additional and apropos meaning of Informational and Operational Technology (IOT).
Designing Safe and Secure Cyber-Physical Systems
The preceding attack scenarios suggest that the past assumption that electronic equipment is “secure” because of physical and air-gap isolation is incorrect and needs to be revisited. The presence of electronic “things” may be sufficient for some form of “networking” to be implemented involving the exchange of electronic things and therefore the exchange of malware that can transform to take advantage of different attack vectors. A more enlightened view of IoT may be the idea that the interconnection of all networks – including the exchange of physical things containing information – is the Internet.
Applying this view of the Internet, there are two additional layers to classes of computers [10] that historically fit into three categories: (1) cloud servers largely composed of mainframes and supercomputers; (2) minicomputers such as workstations and department or team servers; (3) microcomputers such as PCs, laptops, tablets, and smartphones.
IoT more commonly refers to a fourth layer consisting of smart cars, drones, wearable computing, and pervasive computing. However, a fifth layer consists of everything else that is