
Security in IOT: Identify the gateway-based security measures necessary to mitigate the IOT

By: Saeed Ahmad

A project report submitted in partial fulfilment of the Degree of MSc [Masters Project]


Abstract
The Internet of Things is the future of technology, and so it has grabbed the attention
of everyone related to the technological field. The topic is getting this attention not just
because of the advantages it possesses but also because of the level of difficulty in implementing
it. One of the most crucial aspects of implementing IoT turns out to be its security. Hence, this
thesis focuses on the security issues of IoT. Moreover, it suggests the gateway as a technology to
eradicate or overcome these security issues. The thesis begins with a clear introduction of IoT's
communication model and its issues. Further, the research context explains the objectives of
the study along with the research questions. To identify the solution to these
questions, the adopted methodology is a literature review and quantitative analysis. Through
the literature review, the study outlines the necessity for IoT gateways, their implementation
types, their architecture, and their layers. Further, the literature review focuses on the security
measures to overcome these security issues. As the research question also focuses on the
organizational barriers to securely maintaining information in IoT systems, the literature
review also covers the organizational barriers and their solutions. On the whole, the study
also suggests policies that can help an organization maintain the IoT network securely.
These policies further describe the need for network, operational, and security management.
The suggested policies are further supported by standard policies such as ISO. The ISO
policies related to the IoT security issues clearly describe the ways to eliminate the issues.

Acknowledgement

I have gathered great knowledge and experience by conducting this research. Conducting
the research has helped me to improve my knowledge regarding IoT security issues and
gateway-based security measures for mitigating the issues. I have gained great help from my
supervisors while conducting this research and therefore, I would like to thank my supervisor
for guiding me throughout the research. I would also like to thank the participants of the data
collection process, as without their participation I might not have been able to complete this research
with the best outcome.

Thanks and regards.

Yours Sincerely,

Table of Contents

Chapter 1: Introduction
1.1 Background of the study
Chapter 2: Research context and question
2.1 Aims of the study
2.2 Objectives of the study
2.3 Research Questions
2.4 Problem Statement
2.5 Rationale of the study
Chapter 3: Literature review
3.1 Preface
3.2 Overview of IoT security issues
3.3 Communication models in Internet of Things
3.3.1 Device-to-device communication
3.3.2 Device-to-cloud communication
3.3.3 Device-to-gateway communication
3.3.4 Back-end data-sharing communication
3.4 Requirement for IOT Gateway
3.6 IoT Gateway Architectures
3.7 IoT Gateway Layers
3.8 Security Measures
3.8.1 IoT network security
3.8.2 Cryptosystems
3.8.3 Access control
3.8.4 Firewalls
3.8.5 Secure onboarding
3.8.6 Firmware updates
3.8.7 Limiting interfaces
3.9 Barriers to information security in IoT systems
3.9.1 Organizational barriers
3.9.2 Personal barriers
3.9.3 Management barriers
Chapter 4: Research Methodology
Chapter 5: Findings and analysis
5.1 Quantitative analysis (close end questions)
Table 2: Time period involved with internet of things
Table 3: Opinion about risk related to IoT
Table 4: Addressing security issues in IoT
Table 5: Security measures for IoT
Table 6: Gateway based security measures for IoT
Table 7: Impact of IoT gateway security policies
Table 8: Security policies for IoT
Table 10: Best technique for securing IoT
Table 11: Cryptosystem in IoT
Table 12: Access control for IoT
Chapter 6: Results and discussion
6.1 Addressing research question 1
6.1.1 Network Management Policies
6.1.2 Operational Management Policy
6.1.3 Security Management Policies
6.1.4 Security Policy Implementation Plan
6.1.5 Policy Authoring and Defining
6.1.6 Policy Assignment and Delivery
6.1.7 Filtering Application
6.1.8 Policy Administration
6.1.9 Policy Enactment
6.1.10 Policy Resolver
6.1.11 Policy Repository
6.2 Addressing research question 2
Discussion
Chapter 7: Conclusion
5.1 Conclusion
5.2 Limitation and future scope
References
Appendix

List of tables

Table 2: Time period involved with internet of things
Table 3: Opinion about risk related to IoT
Table 4: Addressing security issues in IoT
Table 5: Security measures for IoT
Table 6: Gateway based security measures for IoT
Table 7: Impact of IoT gateway security policies
Table 8: Security policies for IoT
Table 10: Best technique for securing IoT
Table 11: Cryptosystem in IoT
Table 12: Access control for IoT

List of figures

Figure 1: Device-to-device communication model
Figure 2: Device-to-cloud communication model
Figure 3: Device-to-gateway communication model
Figure 4: Back-end data-sharing communication model
Figure 5: Using PAN technology to connect to IoT via a gateway
Figure 6: Nodes directly connect to the Internet
Figure 7: Nodes indirectly connect to the Internet using PAN through 6LoWPAN
Figure 8: Semantic Gateway as a Service
Figure 9: Intel IoT Gateway Architecture
Figure 12: Time period involved with internet of things
Figure 13: Opinion about risk related to IoT
Figure 14: Addressing security issues in IoT
Figure 15: Security measures for IoT
Figure 16: Gateway based security measures for IoT
Figure 17: Impact of IoT gateway security policies
Figure 18: Security policies for IoT
Figure 20: Best technique for securing IoT
Figure 21: Cryptosystem in IoT
Figure 22: Access control for IoT

The Internet of Things (IoT) is considered a current trend that extends the boundary of the Internet
to include a wide range of computing devices. In addition, connecting several stand-alone
IoT systems through the Internet introduces several challenges, with security front and
center, since the collected information will be exposed to a wide and often unknown audience.

Chapter 5: Findings and analysis


In this chapter, the researcher concentrates on gathering information in order to
analyze the effect of implementing gateway-based security measures to mitigate
security issues in the Internet of Things. To that end, the research concentrates on
quantitative data analysis, for which 15 respondents are selected. After the
respondents are selected, the researcher creates a survey questionnaire that is
circulated among them in order to collect the relevant information.

An appropriate choice of respondents and the collection of information through a
quantitative approach help the researcher produce a quality result, which
later in this research helps in prescribing the different activities that organizations and end
users need to undertake to mitigate security issues in using the Internet of Things. Additionally, this
data analysis segment supports the credibility of the research result.

5.1 Quantitative analysis (close end questions)


1. How long have you been using and involved with the applications of internet of things?

Options                 Frequency (%)   Total respondents
Less than 6 months      26.67%          15
6 months – 12 months    20%             15
1-2 year                13.33%          15
3-4 years               20%             15
More than 4 years       13.33%          15

Table 2: Time period involved with internet of things


Figure 12: Time period involved with internet of things

2. How far do you believe the use of internet of things is risky, given the security concerns
involved with it?

Options                 Frequency (%)   Total respondents
Strongly Agree          40%             15
Agree                   33.33%          15
Neutral                 2.67%           15
Disagree                13.33%          15
Strongly Disagree       10.67%          15

Table 3: Opinion about risk related to IoT


Figure 13: Opinion about risk related to IoT


3. How far do you believe that it is important to address the security issues involved with
internet of things?

Options                 Frequency (%)   Total respondents
Strongly Agree          46.67%          15
Agree                   26.67%          15
Neutral                 6.67%           15
Disagree                13.33%          15
Strongly Disagree       6.67%           15

Table 4: Addressing security issues in IoT


Figure 14: Addressing security issues in IoT


4. What are the security measures you have taken for securing the use of internet of things?

Options                     Frequency (%)   Total respondents
Heterogeneity               20%             15
Security policies           33.33%          15
Encryption key management   13.33%          15
Security awareness          20%             15
Authentication              13.33%          15

Table 5: Security measures for IoT

Figure 15: Security measures for IoT

5. What vulnerabilities/threats do they foresee for setting up IoT projects in your company?

Options                                      Frequency (%)   Total Frequency   Total respondents
Denial of service attacks                    20%             15                75
Security issues in operating system          26.67%          20                75
Lack of security in communication protocol   26.67%          20                75
Exposure                                     13.33%          10                75
Eavesdropping                                13.33%          10                75

Table 4: Vulnerabilities/threats for setting up IoT projects


Figure 5: Vulnerabilities/threats for setting up IoT projects

6. How far do you agree that gateway based security measures can be helpful to mitigate your
issues for using internet of things?

Options                 Frequency (%)   Total respondents
Strongly Agree          42.67%          15
Agree                   24%             15
Neutral                 6.67%           15
Disagree                13.33%          15
Strongly Disagree       13.33%          15

Table 6: Gateway based security measures for IoT


Figure 16: Gateway based security measures for IoT


7. How far do you believe that IoT gateway security policies can be helpful to mitigate
security issues in IoT systems?

Options                 Frequency (%)   Total respondents
Strongly Agree          33.33%          15
Agree                   33.33%          15
Neutral                 2.67%           15
Disagree                20%             15
Strongly Disagree       10.67%          15

Table 7: Impact of IoT gateway security policies


Figure 17: Impact of IoT gateway security policies


8. Which security policy do you think is more useful for mitigating security issues in IoT?

Options                           Frequency (%)   Total respondents
Network Management Policies       33.33%          15
Operational Management Policy     40%             15
Security Management Policies      26.67%          15

Table 8: Security policies for IoT

Figure 18: Security policies for IoT

9. Being an IT professional, what is your opinion regarding the best technique of securing
internet of things from an end user?

Options                 Frequency (%)   Total respondents
Proxy service           22.67%          15
Enabling firewalls      14.67%          15
LAN gateway             13.33%          15
Secure onboarding       25.33%          15
Firmware updates        24%             15

Table 10: Best technique for securing IoT


Figure 20: Best technique for securing IoT

10. How far do you agree that a cryptosystem has an important role in securing the
applications of internet of things?

Options                 Frequency (%)   Total respondents
Strongly Agree          26.67%          15
Agree                   24%             15
Neutral                 14.67%          15
Disagree                16%             15
Strongly Disagree       18.67%          15

Table 11: Cryptosystem in IoT


Figure 21: Cryptosystem in IoT

12. How far do you believe that effective access control can mitigate issues in internet of
things?

Options                 Frequency (%)   Total respondents
Strongly Agree          24%             15
Agree                   16%             15
Neutral                 13.33%          15
Disagree                20%             15
Strongly Disagree       26.67%          15

Table 12: Access control for IoT


Figure 22: Access control for IoT

Chapter 6: Results and discussion

6.1 Addressing research question 1


Based on the above research, and to address the first research question (what gateway-
based mitigation measures should be used to address IoT-related security and privacy issues),
the following security policies are proposed for organizations that have deployed gateway-based
mitigation measures to secure their IoT infrastructures. Security is an ongoing endeavor and
organizations are still developing their strategies; additionally, no winning security
measure or winning standard that fits all verticals has been finalized. Hence, well-planned
policies serve best, since IoT is still in its early stages. Policies can be continuously revised to
follow the endless change in threat levels and the security landscape.

IoT Gateway Security Policies

Technology has led to the invention of a variety of IoT devices and gateways. These
devices require the implementation of strict policies to ensure a secure IoT network. This
heterogeneity of gateway nodes leads to the broad classification of the security policies which
are as follows.

6.1.1 Network Management Policies


The Internet is available to all. Both hackers and legitimate users have access to
the information circulating over the internet. Thus, there always exists a vulnerability
to information theft and data manipulation in the communication channel. It is, therefore,
necessary to use secure communication channels for information transfer over the internet.

Securing link layer with IEEE 802.15.4 protocol: The link layer is a protocol layer which
helps transfer the data between the adjacent nodes of a WAN. It divides the outgoing data
into frames and manages acknowledgments from the receiver.

IP security at the network layer: Implementing the IP security (IPsec) protocol suite will help
secure the network. Enforcing end-to-end security with authentication and ensuring
confidentiality and integrity are the main highlights of the IPsec protocol.

Enable CoAP security for the transport layer: Web protocols such as HTTP and
CoAP require a more focused security protocol to maintain web security. Implementation of
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) is necessary to ensure safe
information transfer over the internet. Since TCP (Transmission Control Protocol) is not suitable
for the constrained IoT environment, UDP is used, with Datagram TLS (DTLS)
securing the information transfer (Lushey and Munro 2015). DTLS uses cookies to
protect the network from denial-of-service attacks. The CoAP protocol uses DTLS for securing the
IoT network. The protocol ensures the security of the communication channel and reduces
the threat of security breaches.
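
The cookie exchange mentioned above, sketched as an added example (not code from this report or from any DTLS library): the server answers a first ClientHello with a cookie computed as an HMAC over the client's address and hello parameters, following the construction in RFC 6347 section 4.2.1, and allocates handshake state only once that cookie comes back from the same address. The class name, the simplified message tuples and all addresses are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct


class DtlsCookieGate:
    """Gateway-side handling of the DTLS HelloVerifyRequest cookie (simplified)."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)  # server-local, never transmitted
        self.previous_secret = None             # still accepted for one rotation
        self.sessions = {}                      # handshake state (the costly part)

    def rotate_secret(self):
        """Rotate periodically so that captured cookies stop working."""
        self.previous_secret, self.secret = self.secret, os.urandom(32)

    @staticmethod
    def _cookie(secret, addr, hello_params):
        ip, port = addr
        ip_bytes = ip.encode("ascii")
        # Length-prefix the address so the MAC input cannot be parsed two ways.
        msg = struct.pack("!B", len(ip_bytes)) + ip_bytes
        msg += struct.pack("!H", port) + hello_params
        return hmac.new(secret, msg, hashlib.sha256).digest()

    def _cookie_ok(self, addr, hello_params, cookie):
        for secret in (self.secret, self.previous_secret):
            if secret is None:
                continue
            expected = self._cookie(secret, addr, hello_params)
            if hmac.compare_digest(expected, cookie):  # constant-time compare
                return True
        return False

    def on_client_hello(self, addr, hello_params, cookie=b""):
        """Return (message_type, cookie_or_None) for one received ClientHello."""
        if cookie and self._cookie_ok(addr, hello_params, cookie):
            # Only now has the sender shown it can receive at this address.
            self.sessions[addr] = {"hello": hello_params}
            return ("server_hello", None)
        # No state is stored here: the cookie is recomputed when it is echoed.
        return ("hello_verify_request",
                self._cookie(self.secret, addr, hello_params))


def demo():
    gate = DtlsCookieGate(secret=b"\x01" * 32)  # fixed secret: repeatable demo
    hello = b"constructed-client-hello-parameters"

    # 1000 first-flight hellos from source addresses that never answer
    # (constructed documentation-range addresses).
    for i in range(1000):
        gate.on_client_hello(("198.51.100.%d" % (i % 250 + 1), 40000 + i), hello)
    state_after_flood = len(gate.sessions)

    client = ("192.0.2.10", 5684)
    first, cookie = gate.on_client_hello(client, hello)
    second, _ = gate.on_client_hello(client, hello, cookie)
    # The same cookie presented from a different address must not verify.
    moved, _ = gate.on_client_hello(("192.0.2.99", 5684), hello, cookie)
    gate.rotate_secret()
    after_rotation, _ = gate.on_client_hello(client, hello, cookie)

    return {
        "state_after_flood": state_after_flood,
        "first": first,
        "second": second,
        "moved": moved,
        "after_rotation": after_rotation,
        "sessions": len(gate.sessions),
        "cookie_len": len(cookie),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The server's cost for an unverified hello is one HMAC and one small reply, which is what keeps a flood of unanswered hellos from filling its session table.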

The quality of service (QoS): The extensive number of IoT devices connected to the
internet for information transfer increases the security vulnerabilities of the network and
requires quality measures to ensure the security of data (Sriram et al 2013). QoS is responsible
for measuring the error rates, bandwidth, throughput, transmission delays, availability and,
most importantly, data security. The IEEE 802.15.4 standard used for link layer security
enables data rates of 20-250 kbit/second. Additionally, it supports carrier sense multiple
access (CSMA) and acknowledgments for reliability (Lushey and Munro 2015). The security of
the data is strengthened by 128-bit AES encryption, which makes the data inaccessible
to unauthorized users, thereby ensuring secure data flow within the IoT network.

Encryption key management: Establishing secure communication
between the various IoT system components requires encryption. This encryption is
facilitated by a particular key, which is responsible for encrypting and decrypting the
data. The transmission of this key is highly confidential, because if the key gets lost the data can
be easily decoded by any external entity. For this reason, there is a need for a secure key
transmission mechanism in the IoT system. It requires a lightweight system which can
confidentially distribute the IoT keys among the IoT devices without consuming much of their
computational power.

Security awareness is another security measure which promotes the
growth of the IoT network. It requires that the people using the IoT system are aware of the
security vulnerabilities and take appropriate safety measures at their end to protect
information in the network. It requires that the users of various IoT devices implement
the underlying security, such as setting up strong passwords and avoiding the default
product passwords. Weak passwords give hackers an opportunity to enter the network and
manipulate the confidential data, harming the integrity of the system. Thus, it is necessary to
spread proper awareness among people about the use of various IoT devices and their security issues
in order to prevent security breaches.

6.1.2 Operational Management Policy


Load balancing thresholds: The load balancing policy will enable service load
management to ensure that there is no breach of any threshold. The thresholds will include
networking, computing balance, and the storage resources.

Device and service instance configurations: This policy dictates the
pre-configuration of devices and services. It defines a uniform template and helps to create an
interoperable environment.

Service attachment: The administrators define this policy, which gets deployed in the
gateway node and gateway instance. This policy can recognize and attach valid services to the
requests of the users.

6.1.3 Security Management Policies


The security multi-tenant isolation concept will host unrelated tenants in the same
infrastructure. This security policy will identify and learn about the incoming request, the
tenants will get identified, and then the request will get rerouted to a selected application.
During this process, the confidential data from both the requestor and application will remain
disclosed. The security policy will get defined within the application (Lushey and Munro 2015).
This definition will ensure the verification and validation of the user’s credentials before
he/she accesses or uses the application (Sriram et al 2013). Moreover, the policy will ensure
that the applications do not access the resources to which they do not have prior
authorization.
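
One way a gateway could enforce the checks this policy describes (identify the tenant, validate the credential before routing, and confine the selected application to resources it is authorized for), as an added example that is not part of the original report. Tenant names, keys, applications, resource paths and the HMAC request tag are all hypothetical.

```python
import hashlib
import hmac

# Constructed policy data: two unrelated tenants hosted on one gateway.
TENANT_KEYS = {"tenant-a": b"a" * 32, "tenant-b": b"b" * 32}
ROUTES = {"tenant-a": "app-metering", "tenant-b": "app-hvac"}
APP_RESOURCES = {
    "app-metering": {"sensors/meter-1", "sensors/meter-2"},
    "app-hvac": {"sensors/thermostat-7"},
}


def request_tag(tenant, user, resource, key):
    """Credential: HMAC over the fields the gateway bases its decision on."""
    msg = "\n".join((tenant, user, resource)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(tenant, user, resource, key):
    """Build a request as a client holding `key` would (demo helper)."""
    return {"tenant": tenant, "user": user, "resource": resource,
            "tag": request_tag(tenant, user, resource, key)}


def gateway_decide(request):
    """Return ("route", application) or ("deny", reason). Default is deny."""
    fields = [request.get(k) for k in ("tenant", "user", "resource", "tag")]
    if not all(isinstance(f, str) and "\n" not in f for f in fields):
        return ("deny", "malformed request")
    tenant, user, resource, tag = fields

    # 1. Identify the tenant: only tenants known to the gateway are served.
    key = TENANT_KEYS.get(tenant)
    if key is None:
        return ("deny", "unknown tenant")

    # 2. Validate the credential before anything is routed. The tenant name
    #    in the request is a claim; the tag proves it under that tenant's key.
    expected = request_tag(tenant, user, resource, key)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return ("deny", "credential check failed")

    # 3. Route to the tenant's application, and only for resources that
    #    application has prior authorization for.
    app = ROUTES[tenant]
    if resource not in APP_RESOURCES.get(app, set()):
        return ("deny", "resource not authorized for " + app)
    return ("route", app)


def demo():
    key_a = TENANT_KEYS["tenant-a"]
    return {
        # Valid request from tenant A for its own meter.
        "own_resource": gateway_decide(
            make_request("tenant-a", "alice", "sensors/meter-1", key_a)),
        # Tenant A, correctly authenticated, asks for tenant B's thermostat.
        "other_tenants_resource": gateway_decide(
            make_request("tenant-a", "alice", "sensors/thermostat-7", key_a)),
        # Request claims to be tenant B but is signed with tenant A's key.
        "forged_tenant": gateway_decide(
            make_request("tenant-b", "alice", "sensors/thermostat-7", key_a)),
        # Tenant the gateway has never been configured for.
        "unknown_tenant": gateway_decide(
            make_request("tenant-c", "eve", "sensors/meter-1", b"c" * 32)),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(case, "->", decision)
```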

As this technology connects numerous devices over a network, it has given birth to
several security issues over recent years. These issues revolve around the security of
things, such as transmission security for reliable data transfer, perception security for
information collection, and application security for secure information handling. Such issues
probably occur because these networks and their structure are becoming all the more
complex with time and are linked with the heterogeneity of the network structure. Thus,
addressing these issues would help to solve the security problems in the Internet of Things.

Integrity is one of the major factors that are critical for identification of the smart
devices over the network. There is almost no universal method to identify the different
identities on the internet. Thus, sharing data that is highly critical for an organization or an
individual is full of risks. Additionally, many organizations employ perimeter protection
defined by the device. The extrinsic security measures are resource intensive and do not
provide security as strong as required. The user of such devices also has absolutely no
way to determine what data is collected and how it is used or reused. Additionally, the security
issues in the Internet of Things are said to be prevalent because of its booming demand, its
abundant availability and applications, and the traditional use of security measures.
The IoT companies use different network protocols for the different devices to
transfer data, and each protocol follows a different set of access mechanisms and security
measures. Still, the Internet of Things lacks one specified security mechanism to protect the
data that flows over the network. Due to its growing network and increased usage, the
classical authorization and authentication methods may fail. Also, the resource constraints in the
Internet of Things restrict the use of complex security mechanisms.

Intrusion detection: The messages among IoT devices remain protected through
various protocols; however, the networks over which the messages are transmitted are still
prone to various attacks that can disrupt the entire network. Firewalls and Intrusion
Detection Systems (IDS) help in averting such vulnerabilities (Bovet and Hennebert 2013). The
characteristics of IoT are similar to those of WSN; hence, the IDS that are suitable for WSN can
undoubtedly fit in the IoT network. In IoT, the IP address helps to identify the nodes globally
(Lushey and Munro 2015). For example, in 6LoWPAN, the 6BR (6LoWPAN Border Router) is
always reachable to connect to its network through the Internet. Therefore, such cases
require end-to-end message security. Hence, after exploiting the characteristics of IoT,
designing an IDS for IoT becomes worthwhile. However, it is difficult to develop an IDS for IoT, as it
has constrained resources, global accessibility, links that are lossy in nature, and
varied IoT protocols in use.

Data security: Typically, the data stored in any storage model lies in the encrypted
state with its cryptographic hash. This encrypted data is decrypted, verified for its integrity,
re-encrypted, and its integrity is re-protected before it is transmitted to the host that
requested the stored data. In this way, the cryptographic operations occur twice. Recently,
flash memories have been developed, which have enabled data storage in constrained
devices. Therefore, these memories can help to achieve the goals of energy minimization in
IoT gateways. They also help to eliminate the double cryptographic operations.

When it comes to the Internet of Things, IoT gateways are used to connect these
smart devices, bridging the gap between the IT structure and the operations within a business.
This begins with optimizing system performance through operational data, which is
gathered and processed in real time at the network edge or in the field. IoT gateways
can perform various tasks. They promote high scalability: they can collect
intelligent data from the data center or the cloud and push it to the network edge. The
gateways themselves have high processing power, storage, and memory, so the
endpoint devices do not need them.

Quick production can also be gained: time to market is reduced significantly with
an accelerated and more advanced production line. Reduced telecommunication cost is one
of the major benefits of IoT security policies. The basis of gateways is reduced machine-
to-machine communication; thus, this infrastructure needs a smaller network and less
WAN traffic. The gateways are capable of isolating devices and sensors that are
suspicious or not performing well, which prevents bigger problems on the production lines
in the future. Apart from their high performance, gateways have their own set of
challenges when it comes to security. Here are some of the gateway-based security issues the
Internet of Things faces. These challenges vary as the application areas of the devices change.
Thus, organizations need to consider all the policies and their advantages when choosing
policies for mitigating security issues.

Security and privacy: These policies focus on the data that gets delivered to the IoT
network through gateway nodes or instances (Bovet and Hennebert 2013). The policies
cover the activities of people, the flow of processes, and the use of technology. These
components are the means of unwanted activities (Dumay and Cai 2015). Hence, these
policies focus on preventing such actions, as they might bring huge destruction to the data
transmitted over the IoT network.

The security policies are applicable at different layers of the communication channel for
safe information transfer. Use of the IEEE 802.15.4 protocol at this layer helps secure the data
transfer in an IoT network. It protects the communication on a per-hop basis, where every node
of the communication path is authenticated using a pre-shared key. Network load balancing
builds clusters which balance the load of incoming client requests. It is one of the most
efficient methods to achieve scalability and availability of the network. It reduces the
response time and reduces the risk of intrusions and breaches. Securing the network is
crucial in IoT. Information transmitted over the internet is prone to many threats of
unauthorized access. Use of efficient policies, protocols, and algorithms helps in securing the
network. It helps in protecting the IoT gateways by shielding them from malicious web data
and securing them from hazards.

The operational policy will govern the functioning of the devices, systems, and their
communication. The functionalities of the system will contain the service types that the user
can access according to his/her security credentials. Moreover, the functionalities can also
limit the information that gets shared among the users and different nodes and instances of
gateways. The security management policy will set the security criteria that enforce
secure interoperability and collaboration among the gateway instances and nodes that get
distributed throughout the IoT network. The primary goal of the security policy is to prevent
any unauthorized network within the IoT network through the gateways. The security policy
covers multi-tenant isolation, intrusion detection, and data security.

6.1.4 Security Policy Implementation Plan


The network, operational, and security policies help to protect the IoT gateways and
devices from spy attacks and intrusions. The policies illustrate the respective security
components and the means by which they protect the IoT environment. Security policy
management should primarily focus on policy authoring and defining, and on policy
assignment and delivery.

6.1.5 Policy Authoring and Defining
The security policy will get assigned to a group of endpoints. It is a composite of
baseline policies, which get customized to the individual endpoints (Bovet and
Hennebert 2013). Thus, the security policy will eliminate the need to rebuild the entire policy
every time for every endpoint. The security policies formulated must clearly state their behavior
according to the network or organizational policy and translate into the policy settings of the
machine. There are at least two places where the security policy must be simplified so that
the human workforce can understand it: policy definition and event analysis (Dumay
and Cai 2015). Policy definition is the process of defining the behaviors in the IoT
environment. The definitions are later translated into security settings and stored in the
endpoint machine policy. Event analysis, on the other hand, begins when the security events
sent from the endpoints are analyzed in a secure location. Moreover,
a security policy should remain updated on the basis of the security event analysis.

6.1.6 Policy Assignment and Delivery


In the process of policy management, there is a need for a security policy definition
for each endpoint (Bovet and Hennebert 2013). Therefore, in order to define the policy across
all the endpoints, a coarse-grained mechanism is needed. The reuse of policy elements
across various policies is possible only when a policy has a proper structure with
sub-elements. A policy library can be used to hold various sub-elements of different policies to
avoid the need for redefining a policy for minimal changes (Bovet and Hennebert 2013). With
a collection of default sub-elements, the policy definition process becomes easy and does not
require redefining the entire policy. The defined endpoint security policy should be assigned
to a single endpoint or a group of endpoints. This approach allows proper management of
endpoints at the atomic level, without the need for an individual policy definition. Apart
from reuse, an automated mechanism is also recommended to deliver the endpoint machine
policy (Lushey and Munro 2015). The automated mechanism helps in tracking the policy along
with its sub-elements for each endpoint. This mechanism also provides additional oversight
of the entire security process management. Additionally, this mechanism brings a
gradual reduction in human errors and scaling in automation.
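
The composition and delivery scheme of sections 6.1.5 and 6.1.6 can be sketched as follows. This is an added example, not code from the thesis: the sub-element names, settings, endpoint IDs and the rule that some baseline keys are locked against per-endpoint overrides are all assumptions made for illustration.

```python
"""Composite endpoint policies built from a library of reusable sub-elements."""
import hashlib
import json
from copy import deepcopy

# Policy library: named, reusable sub-elements (names and values are constructed).
POLICY_LIBRARY = {
    "baseline-transport": {"tls_min_version": "1.2", "allow_plaintext_mqtt": False},
    "baseline-logging": {"forward_security_events": True, "log_level": "info"},
    "sensor-ports": {"open_ports": [8883]},
    "camera-ports": {"open_ports": [8883, 554]},
}

# Group policies reference sub-elements by name instead of redefining them.
GROUP_POLICIES = {
    "sensors": ["baseline-transport", "baseline-logging", "sensor-ports"],
    "cameras": ["baseline-transport", "baseline-logging", "camera-ports"],
}

# Endpoint inventory: group membership plus optional per-endpoint customization.
ENDPOINTS = {
    "temp-001": {"group": "sensors", "overrides": {}},
    "temp-002": {"group": "sensors", "overrides": {"log_level": "debug"}},
    "cam-001": {"group": "cameras", "overrides": {}},
}

# Assumption of this example: baseline settings an endpoint override may not weaken.
LOCKED_KEYS = {"tls_min_version", "allow_plaintext_mqtt"}


def compose_policy(endpoint_id):
    """Merge the group's sub-elements in order, then apply endpoint overrides."""
    entry = ENDPOINTS[endpoint_id]
    policy = {}
    for name in GROUP_POLICIES[entry["group"]]:
        if name not in POLICY_LIBRARY:
            raise KeyError(f"unknown sub-element {name!r}")
        policy.update(deepcopy(POLICY_LIBRARY[name]))
    for key, value in entry["overrides"].items():
        if key in LOCKED_KEYS:
            raise ValueError(f"{endpoint_id}: override of locked key {key!r}")
        policy[key] = value
    return policy


def policy_digest(policy):
    """Stable fingerprint of a machine policy, used to track what was delivered."""
    canonical = json.dumps(policy, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def plan_delivery(delivered):
    """Return {endpoint: digest} for endpoints whose policy differs from the last delivery."""
    pending = {}
    for endpoint_id in sorted(ENDPOINTS):
        digest = policy_digest(compose_policy(endpoint_id))
        if delivered.get(endpoint_id) != digest:
            pending[endpoint_id] = digest
    return pending


if __name__ == "__main__":
    state = plan_delivery({})                 # first rollout: every endpoint is pending
    POLICY_LIBRARY["baseline-logging"]["log_level"] = "warning"
    print(sorted(plan_delivery(state)))       # only endpoints affected by the change
```

Changing one sub-element in the library re-issues the policy only to the endpoints whose composed result actually changes, which is the tracking the automated delivery mechanism is meant to provide.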

6.1.7 Filtering Application
It is a known fact that an enormous amount of information floats over the internet, some
of which is legitimate and authentic, while the rest is destructive. Therefore, it becomes
necessary to distinguish between the authentic and the fake information and applications
(Bovet and Hennebert 2013). Thus, a list of authentic applications is made, which gets matched
against the web application that requests access. If the application matches the list, it is
granted access to the IoT network; otherwise it is restricted. This approach of information and
application filtering protects the IoT gateways from spyware and malware attacks.

6.1.8 Policy Administration


An administration is necessary for proper enforcement of the policy framework. It is
the responsibility of the policy administration to upload and alter the security policies and
applications which are important for IoT protection (Kim et al. 2015). It is a back-end interface
designed for admin access. The policy repository is updated in a timely manner by the
administration, so that the latest security policies get stored in the database and the old
ones get replaced (Lushey and Munro 2015). The policy mapping module matches the policies
from the repository, which is the reason for keeping the repository updated, so that the
latest policy is enforced for filtering the applications. It improves the security of the network.

6.1.9 Policy Enactment


A gateway is used to enforce all the security policies implemented in the IoT
network. It is the responsibility of this gateway to grant or restrict access to
applications and information (Kim et al. 2015). The gateway accepts the decisions of policy
mapping and responds to the client's request accordingly. It is a barrier which obstructs the
path of irrelevant applications and does not grant them access to the secure IoT network.
It secures the IoT gateways and devices by making appropriate access control decisions.

6.1.10 Policy Resolver


The security policy management must implement a methodology of attribute-oriented
security resolution to identify the components that take part in interactions. The resolver helps
to identify and authenticate the users trying to connect to the IoT network through the
gateway node or instance (Kim et al. 2015). The identity gets validated based on the
set of attributes the user presents. The resolver consists of several sub-components, which
validate the attributes of the users.

Attribute finder. The attribute finder analyses the set of attributes of users. The
attributes get queried from the database, which is used to identify the user attributes.

Attribute resolver. After determining the identity of the user, the attribute resolver
receives a verification request to ensure the validity of the identity. Once the identity is
validated, it gets sent to the policy resolver.

Attribute database. The attribute database is a repository that holds the attributes of
users, which is used to identify the access privileges for the requested resources.

After the process of attribute resolution is complete, the policy resolver holds the user
identity for a temporary period (Kamboj and Rana 2013). The module sends this information
to the decision engine whenever required. The decision engine can perform any task on the
information such as aggregation or validation of the information.

6.1.11 Policy Repository


The security policy repository holds the rules and policies, which the policy decision
engine refers to during the decision process. The most critical part of the security policy management
is the decision-making engine (Wiek and Lang 2016). This engine handles all the tasks such as
validation, authorization, authentication, and accessibility. This engine links to all the
subsequent parts of the policy implementation process.
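
How the components of sections 6.1.7 to 6.1.11 fit together at the gateway, as an added example that is not part of the thesis: the class and function names, the sample users, applications and rules, and the 30-second hold period are assumptions, and validating an identity by comparing presented attributes with the attribute database stands in for whatever credential check a real deployment uses.

```python
"""Gateway access decision: application allowlist, attribute resolution, policy mapping."""
import time

# Attribute database: user -> attributes (constructed sample data).
ATTRIBUTE_DB = {
    "alice": {"role": "operator", "tenant": "plant-a"},
    "bob": {"role": "viewer", "tenant": "plant-b"},
}

# Filtering application: the list of authentic applications that may request access.
APP_ALLOWLIST = {"telemetry-dashboard", "firmware-updater"}

# Constructed rules; the tenant requirement gives multi-tenant isolation.
RULES_V1 = [
    {"id": "r1", "resource": "plant-a/pump-7", "action": "read",
     "require": {"tenant": "plant-a"}},
    {"id": "r2", "resource": "plant-a/pump-7", "action": "write",
     "require": {"tenant": "plant-a", "role": "operator"}},
]


class PolicyRepository:
    """Versioned rule store; the policy administration replaces old rules with new ones."""

    def __init__(self):
        self.version = 0
        self.rules = []

    def publish(self, rules):
        self.rules = list(rules)
        self.version += 1
        return self.version


class PolicyResolver:
    """Attribute finder plus resolver; holds a validated identity for a temporary period."""

    def __init__(self, ttl_seconds=30, clock=time.monotonic):
        self.ttl, self.clock, self._held = ttl_seconds, clock, {}

    def resolve(self, user, presented):
        held = self._held.get(user)
        if held and held[0] > self.clock() and held[1] == presented:
            return held[1]                       # still within the hold period
        stored = ATTRIBUTE_DB.get(user)          # attribute finder: query the database
        if stored is None or stored != presented:  # attribute resolver: validate
            self._held.pop(user, None)
            return None
        self._held[user] = (self.clock() + self.ttl, dict(stored))
        return stored


def decide(repo, resolver, request):
    """Decision engine: default deny. Returns (allowed, reason)."""
    if request["app"] not in APP_ALLOWLIST:
        return False, "application not on allowlist"
    attrs = resolver.resolve(request["user"], request["attributes"])
    if attrs is None:
        return False, "identity not validated"
    for rule in repo.rules:                      # policy mapping against the repository
        if (rule["resource"] == request["resource"]
                and rule["action"] == request["action"]
                and all(attrs.get(k) == v for k, v in rule["require"].items())):
            return True, f"rule {rule['id']} (repository v{repo.version})"
    return False, "no matching policy"


def gateway_handle(repo, resolver, request):
    """Policy enactment: the gateway turns the decision into a grant or a refusal."""
    allowed, reason = decide(repo, resolver, request)
    return {"status": 200 if allowed else 403, "reason": reason}


if __name__ == "__main__":
    repo, resolver = PolicyRepository(), PolicyResolver()
    repo.publish(RULES_V1)
    request = {"app": "telemetry-dashboard", "user": "alice",
               "attributes": {"role": "operator", "tenant": "plant-a"},
               "resource": "plant-a/pump-7", "action": "write"}
    print(gateway_handle(repo, resolver, request))
```

Because the resolver holds a validated identity until the hold period ends, removing a user from the attribute database only takes effect at the gateway once that period has expired, so the period should be kept short.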

6.2 Addressing research question 2


Manufacturers of IoT products are facing big challenges and barriers due to the technology's
early stage and lack of standardization. As the risks associated with IoT products have been
examined in great detail in the research above, the following approaches are recommended
for IoT product manufacturers for implementing these technologies in the life cycle.

1- Gain certifications

Manufacturers are advised to gain ISO 27001 and other security related certification
for their newly innovative devices and for the production of IoT devices.

2- Security by design:

Why?

- Changes are much easier to make early in the product life cycle
- Privacy and security are not something that can be added at a later stage

How?

- Manufacturers should think like a hacker
- Assess the magnitude of a compromise
- Evaluate technology components

Some of the core information security concepts for building IoT products include 1)
Authentication 2) Encryption 3) Data Integrity.

It is proposed that manufacturers use the best proven solution for device identity, i.e.
PKI (public key infrastructure). Its application is embedded in a variety of protocol standards,
including TLS. It enables a range of security principles including authentication,
encryption and data integrity.

Manufacturers can overcome the barriers of producing insecure devices by using TPMs
(crypto-processors), which can pair perfectly with software-based PKI to maintain a strong
and secure IoT environment.

The results of implementing hardware-based PKI along with software-based PKI are security
authentication and private communication, a trusted interface for administration, and security
firmware updates.

The following benefits can be considered highly possible once hardware- and software-based
PKI is employed in manufacturing IoT devices for device identity.

- Diversity of devices and processing power
- Size and scale of eco system
- Trust models between device to device or device to gateway implementations

Discussion
The primary focus of this research report is to highlight the need for security policies in
securing the IoT gateways to prevent information theft. The interconnection of millions of
devices defines the Internet of things; however, this extensive network connection is prone
to numerous vulnerabilities and intrusion threats. The IoT network transmits crucial
information across the web and hence it is necessary to secure the network. IoT gateways act
as the barrier between the organizational network and the internet, and therefore there is a
need to secure the gateway to block the entry of unwanted elements into the private
network. The security policies defined in this research project mainly focus on network
protection, operational management, and information security.

Integrity and privacy of the Internet of things are major concerns. With the prominent use of
the Internet of things in homes and workplaces, a lot of data and critical information travels
over the network. The most common and widely used devices that are dominating this field
are smart phones. Employing a large number of smart phones as gateways raises hundreds
of privacy issues on the network. It is conceivable that an owner with a peripheral device can
localize a gateway owner by receiving data through that particular gateway from peripherals
at locations that are known. On the other hand, a peripheral device moving through a
collection of gateways that are colluding can be localized. Both of the above cases are
examples of privacy violations.

For the wireless network, however, the situation is opposite. This network has numerous
open ends for the attacker. And until and unless a proper security subsystem is installed and
maintained over the wireless links, it becomes quite easy for the attackers to make space for
themselves into the network. The attacks are also dependent on the wireless link layer
protocol properties.

DNS spoofing alters the DNS server so that it redirects users to the
attacker's server. This attack can occur in more than one way to directly hit the network.
Here, the DNS server translates Internet domain names to IP addresses, relieving users
from the task of remembering a long series of numbers. DNS spoofing can alter the
cache so that a domain name translates to a different IP address than the intended one. Thus,
all aspects need to be considered while using the Internet of Things.

These IoT policies focus on implementing protection at the various network layers to ensure
total safety. Moreover, the study identifies the various security measures that could be put in
place to protect the gateways. It suggests the implementation of firewalls and cryptosystems
so that unauthorized access to the organizational network can be prevented. The reason
behind implementing these security measures and safety policies lies in the fact that
organizations face many security barriers such as personal barriers, communication barriers,
management barriers and much more, which increase the network vulnerability. Additionally,
there exist various gateway problems like denial of service attacks, spyware, and malware
attack which need to get prevented for secure information transmission. Thus, to prevent all
such network attacks and security barriers the enforcement of the network policy is
mandatory.

The operational policy derived from the research explains the working of the IoT
devices, systems, and its various programs. It highlights that operation security ensures the
safety of all the operational components including the utility programs, operating systems,
and other systems. It implements security measures such as secure onboarding, firmware
updates and limiting interfaces to ascertain that the firm's hardware and software remain
updated so that its vulnerability gets reduced. Moreover, it increases the life of the
organizational network. It ensures that all the backdoors for hackers' intrusion get closed so
that the information transfer within the organization becomes safe. It overcomes the gateway
problems and barriers. These policies guide the proper operations of the information system.

The security policy demonstrates the information security need for any IoT network.
It explains that data is always vulnerable in a network. There always exist threats of data theft
and data manipulation. Hence, it is necessary to implement policies to attain data integrity
and confidentiality. The policy guideline devised in this research lays stress on multi-tenant
isolation, intrusion detection, data security and data privacy. These policy measures sync with
the standard ISO security policy which talks about implementing physical and cryptographic
security on the data to secure it from unauthorized attack. The enforcement of security
measures such as the cryptosystems and access control helps control unwanted access to the
information thereby protecting crucial organization data. The main aim of these policies is to
ensure data safety and safe communication within the IoT network. It provides that the IoT
devices transfer authentic and correct information and saves data from being stolen.

The policies suggested in the document resolve the research question of information
security and privacy issues. Furthermore, they suggest guidelines for addressing the barriers to
information security. The document explains that information is the primary asset in an
organization and its safety can never be compromised. Therefore, in the case of IoT networks,
which work entirely on information transmission, policies are necessary for securing the data.
The gateway
security policies ensure that IoT gateways transmit safe information in and out of the network
thereby assuring data integrity.

Chapter 7: Conclusion

5.1 Conclusion
Internet of things is a hot topic in the field of technology, policy, and engineering. It is
expected to enhance the ways people live. The experts expect it to change not only people’s
lifestyle but all organization’s way of working. It has both supporters as well as predictors.
This thesis clearly introduces the communication models. It focusses on device-to-device
communication, device-to-cloud communication, device-to-gateway communication, and
back-end data-sharing communication. Moreover, the thesis also introduces the issues
related to the Internet of Things. The issues relate to privacy, interoperability, emerging
economies, legal and regulation rights, and security. Privacy issues such as data collection,
surveillance and many more are covered. The thesis sheds light on the interoperability
of services and products. It highlights the issue of vendor lock-in and ownership
complexity. Moreover, the emerging economies will need to address IoT issues to exploit its
benefits. Additionally, the legal section also has an effect on the IoT. The implementation of
IoT will have to consider the legal and regulation rights related to data, civil, security, personal
and many other aspects. One of the major issues is the security, upon which the paper
focusses. The paper discusses several security challenges for implementing IoT. The
communication in such technologies requires cryptographic confidentiality, authentication,
and integrity. However, despite such secure communication, they are still prone to security
issues such as interface debugging, side channel attack, and DoS attack. With the help of side
channel attack, the users can gain access to the physical aspects of the system and directly
collect the data from them. Moreover, as IoT works completely over the network, the risk of
DoS attack is enormous. These issues are a very important point of consideration, as many
applications associate with IoT. Some of such application include smart homes and offices,
logistics and transports, and industries such as entertainment, banking, environmental
sciences, healthcare, dining, sports and fitness, retail, telecommunication, hospitality,
science, manufacturing, education, and more. Such wide scope of IoT raises the
responsibilities of manufacturers and developers to secure the network and data associated
with it. Manufacturers compromise the security in most cases just to make it cheap or
to meet other requirements. Sometimes mobile applications used as a
gateway for the IoT devices might also have insufficient IoT implementation. Therefore, the
paper discusses the wide scope of IoT, its threats, vulnerabilities, and privacy issues.
Moreover, it suggests the measures to mitigate security vulnerabilities through IoT gateways.
The paper fulfills its objectives of identifying the gateway-based security measures and
recommendation of best practices to enhance the security features of IoT.

Lastly and most importantly, security is never a single person's responsibility; no one
person will understand the full scope of the environment. It's a team game. Security is not a
product; rather, it is a process: attackers continue to find vulnerabilities to attack, and
industry endlessly prevents attackers by securing their infrastructure.

It's going to be very hard for manufacturers to secure their products 100%. The burden of
security falls on security experts to secure the environment where IoT is being
installed and used.

5.2 Limitation and future scope
With the specific aim of investigating the effect of gateway-based security
measures for mitigating security issues, the researcher has analyzed a wide variety of
literature and has also analyzed raw data in the form of opinions of IT
experts. Future researchers may therefore be able to use this study
as a source of additional information when investigating a similar topic. As the researcher
has contrived methods for enhancing representative maintenance, this research may be
useful for the management of various organizations to gain knowledge regarding the
use of the Internet of Things and mitigating issues with the help of gateway-based security
measures.

Although the research offers wide future possibilities, the
researcher faced challenges while conducting the research. Because of the lack of
sufficient money and time, the researcher relied upon limited materials for the
literature review, while only a couple of members were taken for raw data collection.
Additionally, it is also significant that, because of the close-ended questionnaires, the IT
professionals provided erratic answers, which disturbed the flow of the
research and thereby constrained the research outcome to some degree.

References

Aleshunas, J. (2010). Firewalls. [ebook] Webster University, pp.2-12. Available at:
http://mercury.webster.edu/aleshunas/COSC%205130/Chapter-22.pdf [Accessed 28
Jun. 2017].
Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M. and Ayyash, M. (2015). Internet of
Things: A Survey on Enabling Technologies, Protocols, and Applications. IEEE
Communications Surveys & Tutorials, 17(4), pp.2347-2376.
Ballano Barcena, M. and Wueest, C. (2015). Insecurity in the internet of things. [ebook]
Mountain View: Symantec. Available at:
https://www.symantec.com/content/en/us/enterprise/fact_sheets/b-insecurity-in-
the-internet-of-things-ds.pdf.
Banafa, A. (2016). IoT standardization and implementation challenges. [online] Iot.ieee.org.
Available at [Accessed 7 Jun. 2017].
Barnaghi, P., Wang, W., Henson, C. and Taylor, K. (n.d.). Semantics for the internet of things:
early progress and back to the future. [ebook] Guildford: Centre for communication
systems research, university of surrey. Available at: http://ai2-s2-
pdfs.s3.amazonaws.com/fa11/0ddb525702ebd6b501216d7f3dbce365d529.pdf.
Blanter, A. and Holman, M. (n.d.). Internet of things 2020: A glimpse into the future. (n.d.).
ATKearny. Available at:
https://www.atkearney.com/documents/4634214/6398631/A.T.+Kearney_Internet+
of+Things+2020+Presentation_Online.pdf/af7e6a55-cde2-4490-8066-a95664efd35a
[Accessed 7 Jun. 2017].
Bouij-Pasquier, I., El Kalam, A., Ouahman, A. and De Montfort, M. (2015). A Security
Framework for Internet of Things. Cryptology and Network Security, pp.19-31.
Bowers, D. (n.d.). Physical access control. [ebook] Randallstown. Available at:
http://www.ittoday.info/AIMS/DSM/8305101.pdf [Accessed 24 Jun. 2017].
Braun, W. and Menth, M. (2014). Software-Defined Networking Using OpenFlow: Protocols,
Applications and Architectural Design Choices. Future Internet, 6(2), pp.302-336.
Bull, P., Austin, R., Popov, E., Sharma, M. and Watson, R. (2016). Flow based security for IoT
devices using an SDN gateway. 2016 IEEE 4th international conference on future
internet of things and cloud (FiCloud).
C.P, V. (2016). Security improvement in IoT based on software defined networking (SDN).
International journal of science, engineering and technology research, [online] 5(1).
Available at: http://ijsetr.org/wp-content/uploads/2016/01/IJSETR-VOL-5-ISSUE-1-
291-295.pdf.
Desai, N. (2016). What is an IoT gateway and how do i keep it secure?. [online]
Globalsign.com. Available at: https://www.globalsign.com/en/blog/what-is-an-iot-
gateway-device/.
Desai, P., Sheth, A. and Anantharam, P. (n.d.). Semantic gateway as a service architecture for
IoT interoperability. [ebook] Available at: https://ai2-s2-
pdfs.s3.amazonaws.com/36c3/477502ac9df418f2c6c6304e820ad344ce56.pdf
[Accessed 14 Jun. 2017].
Dhanjani, N. (2015). Abusing the internet of things. 1st ed. "O'Reilly Media, Inc.", p.216.
Dinh, T. and Kim, Y. (2016). An efficient interactive model for on-demand
sensing-as-a-services of sensor-cloud. Sensors, 16(7), p.992.
Fife, C. (2015). Resurrecting Duckling - A model for securing IoT devices. [online] Citrix Blogs.
Available at: https://www.citrix.com/blogs/2015/04/20/resurrecting-duckling-a-
model-for-securing-iot-devices/ [Accessed 29 Jun. 2017].
Fife, C. (2015). Securing the IoT gateway. [online] Citrix Blogs. Available at:
https://www.citrix.com/blogs/2015/07/24/securing-the-iot-gateway/ [Accessed 29
Jun. 2017].
Folkens, J. (2014). Building a gateway to the Internet of Things. [ebook] Dallas: Texas
Instruments, pp.2-5. Available at: http://www.ti.com/lit/wp/spmy013/spmy013.pdf
[Accessed 14 Jun. 2017].
Gilchrist, A. (2017). IoT security issues. 1st ed. Walter de Gruyter GmbH & Co KG, 2017.
Hossain, M., Fotouhi, M. and Hasan, R. (2015). Towards an Analysis of Security Issues,
Challenges, and Open Problems in the Internet of Things. 2015 IEEE World Congress
on Services.
Information technology logical access control guideline. (2007). [ebook] Virginia information
technologies agency. Available at:
https://www.vita.virginia.gov/uploadedfiles/vita_main_public/library/logicalaccessc
ontrolguideline04_18_2007.pdf [Accessed 24 Jun. 2017].
Information technology — Security techniques — Information security management systems
— Requirements. (2005). 1st ed. [ebook] Switzerland, pp.13-29. Available at:
http://webcache.googleusercontent.com/search?q=cache:http://minf.vub.ac.be/ma
rc/EHI-614/iso27001.pdf&gws_rd=cr&ei=dTyUWYj0FcXSvwSbiqWgBw [Accessed 16
Aug. 2017].
ISO/IEC 27001:2005(E) A.10.6 Network security management 16(7), p.26.

Intel IoT Gateway. (n.d.). [ebook] Intel. Available at:
https://www.intel.com/content/dam/www/public/us/en/documents/product-
briefs/gateway-solutions-iot-brief.pdf [Accessed 14 Jun. 2017].
Janak, J., Nam, H. and Schulzrinne, H. (2012). On access control in the internet of things.
[ebook] Columbia university. Available at:
http://www.cs.columbia.edu/~hn2203/papers/1_1_ietf_2012.pdf [Accessed 24 Jun.
2017].
Jones, B. (1992). Improving security in the FDDI Protocol. [ebook] Naval Postgraduate School,
pp.16-21. Available at: http://www.dtic.mil/dtic/tr/fulltext/u2/a257546.pdf
[Accessed 29 Jun. 2017].
Jungo, C. (2015). Integrity and trust in the internet of things. [ebook] Swisscom Ltd. Available
at:
https://www.swisscom.ch/content/dam/swisscom/en/about/responsibility/digital-
switzerland/security/documents/integrity-and-trust-in-the-internet-of-
things.pdf.res/integrity-and-trust-in-the-internet-of-things.pdf.
Kim, J. (2015). Requirement of security for IoT application based on gateway
system. International Journal of Security and Its Applications, [online] 9(10), pp.201-
208. Available at: http://www.sersc.org/journals/IJSIA/vol9_no10_2015/18.pdf.
Lin, H. and Bergmann, N. (2016). IoT Privacy and Security Challenges for Smart Home
Environments. Information, [online] 7(3), p.44. Available at:
http://www.mdpi.com/2078-2489/7/3/44/pdf [Accessed 7 Jun. 2017].
Man In the middle attack. (n.d.). [ebook] p.1. Available at:
http://site.iugaza.edu.ps/nour/files/lab4-MITM1.pdf.
Mason, J. (2002). Qualitative researching. 2nd ed. London: SAGE publications ltd.
Pal, A. and Purushothaman, B. (2016). IOT technical challenges and solutions. 1st ed. Artech
House, p.83.
Panasenko, S. and Smagin, S. (2011). Lightweight cryptography: Underlying principles and
approaches. International Journal of Computer Theory and Engineering, [online] 3(4),
pp.516-518. Available at: http://www.ijcte.org/papers/360-JG527.pdf.
Park, J., Chen, S. and Choo, K. (2017). Advanced multimedia and ubiquitous engineering. 1st
ed. Springer, p.253.
Park, N. and Kang, N. (2015). Mutual authentication scheme in secure internet of things
technology for comfortable lifestyle. Sensors, 16(1), p.20.
Proxy Server. (n.d.). [ebook] Tutorialspoint. Available at:
https://www.tutorialspoint.com/internet_technologies/pdf/proxy_servers.pdf
[Accessed 24 Jun. 2017].
Reddy, A. (2017). Safeguarding the Internet of Things. [ebook] pp.10-11. Available at:
https://www.cognizant.com/whitepapers/safeguarding-the-internet-of-things-
codex2465.pdf [Accessed 24 Jul. 2017].
Research skills. (2010). [ebook] University of leicester. Available at:
https://www2.le.ac.uk/projects/oer/oers/ssds/oers/research-
skills/Research%20skillscg.pdf.
Rose, K., Eldridge, S. and Chapin, L. (2015). The internet of things: An overview. Internet
Society, pp.1-18. Available at:
https://www.internetsociety.org/sites/default/files/ISOC-IoT-Overview-
20151014_0.pdf [Accessed 7 Jun. 2017].
Russell, C. (2002). Security awareness - implementing an effective strategy. [ebook] SANS
institute. Available at: https://www.sans.org/reading-
room/whitepapers/awareness/security-awareness-implementing-effective-strategy-
418 [Accessed 29 Jun. 2017].
SDN architecture overview. (2014). [ebook] Palo Alto: Open networking foundation, p.6.
Available at: https://www.opennetworking.org/images/stories/downloads/sdn-
resources/technical-reports/TR_SDN-ARCH-Overview-1.1-11112014.02.pdf
[Accessed 24 Jun. 2017].
Shu, Z., Wan, J., Li, D., Lin, J., Vasilakos, A. and Imran, M. (2016). Security in Software-Defined
Networking: Threats and Countermeasures. Mobile Networks and Applications, 21(5),
pp.764-776.
Stankovic, J. (2014). Research Directions for the Internet of Things. IEEE Internet of Things
Journal, 1(1), pp.3-9.
The Royal Literary Fund. (2017). Literature reviews. [online] Available at:
https://www.rlf.org.uk/resources/why-write-a-literature-review/.
Treadway, J. (2016). Using an IoT gateway to connect the "Things" to the cloud. [online] IoT
Agenda. Available at: http://internetofthingsagenda.techtarget.com/feature/Using-
an-IoT-gateway-to-connect-the-Things-to-the-cloud [Accessed 7 Jun. 2017].
Yousuf, T., Mahmoud, R., Aloul, F. and Zualkernan, I. (2015). Internet of Things (IoT) security:
Current status, challenges and countermeasures. International Journal for
Information Security Research, [online] 5(4), pp.608-616. Available at:
http://www.aloul.net/Papers/faloul_ijisr15.pdf.
Zachariah, T., Klugman, N., Campbell, B., Adkins, J., Jackson, N. and Dutta, P. (2015). The
internet of things has a gateway problem. Proceedings of the 16th international
workshop on mobile computing systems and applications.

Appendix

Survey questionnaire:

1. How long you are using and involved with the applications of internet of things?

Options
Less than 6 months
6 months – 12 months
1-2 year
3-4 years
More than 4 years
2. How far do you believe use of internet of things is risky as security concerns involved
with it?

Options
Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree
3. How far do you believe that is important to address the security issues involved with
internet of things?

Options
Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree
4. What are the security measures you have taken for securing the use of internet of things?

Options
Heterogeneity
Security policies
Encryption key management
Security awareness
Authentication
5. How far you agree that gateway based security measures can be helpful to mitigate your
issues for using internet of things?

Options
Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree
6. How far do you believe that IoT gateway security policies can be helpful to mitigate
security issues in IoT systems?

Options
Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree
7. Which security policy you think more useful for mitigating security issues in IoT?

Options

Network Management Policies
Operational Management Policy
Security Management Policies

8. How far do you believe that software-defined networking has an important role in this
aspect?

Options
Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree
9. Being an IT professional, what is your opinion regarding the best technique of securing
internet of things from an end user?

Options
proxy service
Enabling firewalls
LAN gateway
secure on boarding
firmware updates
10. How far do you agree that cryptosystem has an important role in securing the
applications of internet of things?

Options
Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree
11. How far do you believe that effective access control can mitigate issues in internet of
things?

Options
Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree
