Baghel
Institute
DOAP
Diploma In Office Automation & Publishing
DURATION 1 YEAR
Eligibility 10th / 12th
SEMESTER - 1
- Computer Concept & Fundamentals
- Operating System
- MS-Office (MS-Word, MS-Excel, MS-PowerPoint, MS-Access)
- HTML & Front Page
- Lab-I
SEMESTER - 2
- Basics of Financial Accounting
- Computerized Accounting Through Tally
- D.T.P. (Page Maker, Corel Draw, Photoshop)
- Computer Network & Internet
- Lab-II
Chapter 5: Security and Future of IoT Ecosystem
5.1 Introduction to IoT Security
• IoT Security: Safeguards connected devices and networks in the Internet of Things (IoT).
• IoT connects devices like computers, machines, animals, or people, each with a unique identifier.
• Devices exchange data over the internet, exposing them to potential vulnerabilities.
• Vulnerabilities: Weaknesses in a system allowing:
• Execution of unauthorized commands.
• Data breaches.
• Denial-of-Service (DoS) attacks: Attempts to make a system or resource unavailable.
Example: A smart home device like a thermostat being hacked due to weak security measures.
5.2 IoT Security Measures
• Security: Ensuring devices and networks are inaccessible to unauthorized users.
• Example: Data exchange happens only between authenticated sender and receiver.
• Key Vulnerabilities:
1. Communication Attacks: Target data transfer between devices.
• Solution: Use cryptography to secure information.
2. Lifecycle Attacks: Exploit ownership changes (manufacturer to user).
• Solution: Update passwords frequently.
3. Software Attacks: Disrupt normal device functions by exploiting software flaws.
• Example: Malware targeting outdated software.
4. Physical Attacks: Directly access device hardware to extract sensitive data.
Example: Removing a microSD card to steal embedded passwords.
5.3 Cyber Security
• Cyber Security: Protects IT systems, networks, and data from unauthorized access.
• Protects digital equipment and information from theft, hacking, and data breaches.
• Key Areas of Focus:
• Data Security: Encryption of sensitive information during transmission.
• Access Control: Limiting user access based on authentication.
• Software Updates: Regularly patching vulnerabilities.
5.4 Best Practices for IoT Security
• Use strong, unique passwords for every device.
• Enable firewalls and network security tools to block unauthorized traffic.
• Regularly update device firmware and software.
• Monitor devices for unusual activity, such as unauthorized logins or data spikes.
• Use Multi-Factor Authentication (MFA) for extra security.
MCQs
1. Which of the following describes a Denial-of-Service (DoS) attack?
A. Unauthorized access to sensitive data.
B. Making a system unavailable to users.
C. Encrypting user data without consent.
D. Monitoring device communication.
Answer: B. Making a system unavailable to users.
2. What is the purpose of cryptography in IoT?
A. To prevent physical attacks.
B. To secure data transmission.
C. To disable unauthorized devices.
D. To enhance device performance.
Answer: B. To secure data transmission.
3. Which vulnerability exploits device ownership changes in IoT?
A. Software attacks.
B. Communication attacks.
C. Physical attacks.
D. Lifecycle attacks.
Answer: D. Lifecycle attacks.
4. What is the primary role of Multi-Factor Authentication (MFA) in IoT security?
A. To block malware.
B. To ensure firmware updates.
C. To provide an extra layer of user authentication.
D. To encrypt device communication.
Answer: C. To provide an extra layer of user authentication.
5. Which of the following is an example of a physical attack on IoT devices?
A. Malware targeting outdated software.
B. Intercepting data during transmission.
C. Extracting data from device hardware.
D. Using weak passwords for access.
Answer: C. Extracting data from device hardware.
5.4 Need for Security in IoT
• We live in a digital world where everything is interconnected, from internet banking to government infrastructure.
• Sensitive data (e.g., intellectual property, financial data, personal information) stored on devices can be targeted by hackers.
• Security breaches can:
• Cause financial losses.
• Endanger the global economy.
• Enable hackers to perform criminal activities like:
• Monitoring live feeds.
• Changing device settings.
• Authorizing unauthorized users.
Examples of IoT Security Issues
1. Connected Cars: Hackers can:
• Take control of the entertainment system.
• Unlock doors or shut down the car while in motion.
2. Wearable Devices: Hackers can:
• Steal data using motion sensors in smartwatches.
• Access health information from fitness apps.
3. Home Control Hubs:
• Attackers can tamper with heating, lighting, and locks.
4. Industrial Systems:
• Hack wireless networks to manipulate sensors.
The CIA Triad of Security
• The CIA Triad forms the foundation of security measures:
1. Confidentiality:
• Ensures data is only accessible to authorized users.
• Example: Data encryption prevents unauthorized access.
2. Integrity:
• Protects data from unauthorized modifications.
• Example: Ensuring the source of data is genuine.
3. Availability:
• Guarantees reliable access to information by authorized individuals.
• Example: Protection against Denial-of-Service (DoS) attacks.
5.5 Types of Cyber Attacks
5.5.1 Web-Based Attacks
1. Injection Attacks:
• Inject malicious code into applications (e.g., SQL Injection, Cross-Site Scripting).
• Can cause data theft, loss, or system compromise.
2. DNS Spoofing:
• Corrupts DNS data to redirect users to malicious websites.
• Prevention: Avoid clicking on suspicious links and scan devices for malware.
3. Session Hijacking:
• Hackers control browser elements like homepages and search bars.
• Users are redirected to malicious websites.
4. Phishing:
• Trick users into revealing sensitive information (e.g., passwords, credit card details).
• Prevention Tips:
• Verify email senders.
• Avoid clicking suspicious links.
• Check for spelling errors in emails.
5. Brute Force Attacks:
• Hackers guess passwords using trial-and-error.
• Prevention:
• Use strong passwords.
• Limit login attempts.
• Enable two-factor authentication.
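The "limit login attempts" measure above, sketched as an added example (not part of the original notes). The class name, account name, and policy numbers are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict, deque

# Assumed policy values for illustration.
MAX_FAILURES = 5        # failures inside the window that trigger a lockout
WINDOW_SECONDS = 300    # sliding window in which failures are counted
LOCKOUT_SECONDS = 900   # how long the account stays locked


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash; passwords are never stored in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    """Counts failed logins per account and locks the account on too many."""

    def __init__(self):
        self._users = {}                      # name -> (salt, password hash)
        self._failures = defaultdict(deque)   # name -> failure timestamps
        self._locked_until = {}               # name -> time the lock expires

    def register(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[name] = (salt, hash_password(password, salt))

    def login(self, name: str, password: str, now: float) -> str:
        """Return 'ok', 'denied' or 'locked'. `now` is a clock value in seconds."""
        # While locked, even the correct password is refused.
        if self._locked_until.get(name, 0) > now:
            return "locked"
        # Unknown accounts still go through the hash so timing stays similar.
        salt, stored = self._users.get(name, (b"\0" * 16, b""))
        candidate = hash_password(password, salt)
        if stored and hmac.compare_digest(candidate, stored):
            self._failures.pop(name, None)
            return "ok"
        recent = self._failures[name]
        recent.append(now)
        # Forget failures that have aged out of the window.
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self._locked_until[name] = now + LOCKOUT_SECONDS
            recent.clear()
        return "denied"


def simulate_guessing():
    """Constructed scenario: five wrong guesses, then the real password."""
    guard = LoginGuard()
    guard.register("thermostat-admin", "correct horse battery staple")
    results = [guard.login("thermostat-admin", f"guess{i}", now=i) for i in range(5)]
    results.append(guard.login("thermostat-admin", "correct horse battery staple", now=5))
    return results


if __name__ == "__main__":
    print(simulate_guessing())
```

The sixth attempt is refused even though the password is right, which is the trade-off of lockouts: guessing is stopped, but the legitimate user is also kept out until the lock expires.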
5.5.2 System-Based Attacks
1. Viruses:
• Replicate themselves to infect programs and data.
• Can steal sensitive information, slow systems, and display fake pop-ups.
2. Worms:
• Self-replicating programs that spread without user interaction.
• Cause damage by consuming disk space and memory.
3. Trojan Horses:
• Appear as useful programs but perform malicious actions like stealing data.
• Spread through email or software downloads.
4. Bots:
• Automated programs that perform tasks (e.g., sending spam, crawling websites).
• Malicious bots can compromise security and spread malware.
5.6 IoT and Cybersecurity Challenges
• Security is often overlooked during product design due to cost and time constraints.
• Challenges include:
1. Blockchain Revolution:
• Blockchain ensures secure and transparent transactions.
• Used in banking, healthcare, and finance to prevent tampering.
2. Ransomware:
• Encrypts data until a ransom is paid.
• Spread through malicious emails or insecure devices.
3. IoT Threats:
• IoT devices are prone to attacks affecting confidentiality, integrity, and availability.
• Devices need efficient security protocols despite limited resources.
4. Serverless Apps Vulnerability:
• Quickly deployed apps may have security loopholes.
• Risk of data interception during network transit.
MCQs
1. What is the purpose of the CIA Triad in IoT security?
A. To ensure device compatibility.
B. To secure confidentiality, integrity, and availability.
C. To reduce device costs.
D. To simplify network design.
Answer: B. To secure confidentiality, integrity, and availability.
2. Which of the following is an example of an injection attack?
A. DNS spoofing.
B. SQL Injection.
C. Brute force attack.
D. Phishing.
Answer: B. SQL Injection.
3. How can ransomware spread to devices?
A. Through session hijacking.
B. Via malicious spam emails.
C. Using web crawlers.
D. By injecting DNS spoofing scripts.
Answer: B. Via malicious spam emails.
4. What is the main characteristic of a worm?
A. It requires user interaction to spread.
B. It is self-replicating without user intervention.
C. It alters browser settings.
D. It encrypts system data.
Answer: B. It is self-replicating without user intervention.
5. What does Blockchain technology primarily ensure?
A. Confidential and immutable transaction records.
B. Automatic data deletion.
C. Real-time device updates.
D. Wireless data sharing.
Answer: A. Confidential and immutable transaction records.
5.7 Privacy for IoT-Enabled Devices
Importance and Use of IoT
• IoT devices are now everywhere, such as:
• Fitness trackers.
• Vehicles and home appliances.
• These devices:
• Track sleep patterns.
• Allow remote control of coffee machines, air conditioners, etc.
• Impact on industries:
• Manufacturing, energy, agriculture, and construction use IoT to optimize processes, saving time and money.
• Healthcare advancements:
• IoT enables devices for heart monitoring, asthma management, and even cancer treatment.
• Doctors can use apps to track if patients take prescribed medications.
Challenges with IoT Devices
1. Difficult to Encrypt:
• IoT devices often have weak hardware, limited memory, and low processing power, making encryption difficult.
2. Lack of Experience:
• Many new manufacturers lack experience in IoT device programming.
3. Lack of Standards:
• Security standards for IoT devices are still under development by organizations like NIST and IoTSF.
4. Third-Party Vulnerabilities:
• IoT devices often rely on third-party components, making them vulnerable to security exploits.
5.8 Major IoT Leaks
Examples
1. Mirai Botnet:
• Cybercriminals used IoT devices to launch DDoS attacks.
• Affected services included Amazon, Netflix, Twitter, and others.
2. Hackable Cardiac Devices:
• Vulnerable heart devices allowed attackers to reprogram them, potentially endangering patients.
3. Casino Fish Tank Hack:
• In 2017, hackers accessed a casino database through an internet-connected fish tank thermostat.
4. VPNFilter Malware:
• In 2018, malware infected over 500,000 routers in 50+ countries.
• It stole data, blocked network traffic, and collected sensitive information.
5.9 Security for Consumer Devices
Risks in IoT Devices
• Potential risks include:
1. Unauthorized Access:
• Hackers can misuse personal data.
2. System Attacks:
• IoT devices can be exploited to attack other systems.
3. Safety Risks:
• Threats to personal safety due to compromised devices.
Security Measures for IoT Devices
• Minimize Data Collection:
• Only collect and store necessary data.
• Build Security into Design:
• Conduct risk assessments and test security measures before launching products.
• Monitor Security:
• Implement patches and updates throughout the device lifecycle.
• Train Employees:
• Provide proper security training to ensure best practices are followed.
Tips for Consumers
1. Change default passwords and credentials.
2. Regularly apply software updates.
3. Choose devices that meet high security standards.
MCQs
1. Why is encryption challenging for IoT devices?
A. Limited memory and weak hardware.
B. Lack of internet connectivity.
C. High processing power.
D. Strong security protocols.
Answer: A. Limited memory and weak hardware.
2. What was targeted in the Casino Fish Tank hack?
A. Customer payment data.
B. Casino’s database via the thermostat.
C. IoT manufacturing units.
D. Fitness trackers.
Answer: B. Casino’s database via the thermostat.
3. What is the primary function of VPNFilter malware?
A. Encrypting user data.
B. Blocking network traffic and stealing data.
C. Improving router performance.
D. Enhancing IoT connectivity.
Answer: B. Blocking network traffic and stealing data.
4. Which organization is working on IoT security standards?
A. NASA
B. NIST
C. WHO
D. WTO
Answer: B. NIST
5. How can consumers enhance IoT security?
A. Use default passwords.
B. Avoid software updates.
C. Demand secure devices and update credentials.
D. Collect unnecessary data.
Answer: C. Demand secure devices and update credentials.
5.10 Security Levels
Types of Attacks in IoT
• IoT faces active attacks and passive attacks, which can disrupt functionality and compromise security.
1. Active Attacks
• These involve direct interference with communication, such as:
• Modifying transmitted messages.
• Capturing authentication sequences.
• Creating false messages.
• Challenges:
• Difficult to prevent as all communication facilities must be protected continuously.
• Recovery is possible after detecting disruptions.
• Categories:
1. Internal Attacks: Initiated by someone within the system.
2. External Attacks: Carried out by outside intruders.
2. Passive Attacks
• Involves listening to or sensing communication without physically interfering.
• Example: Eavesdropping on patient data in a medical system.
Threat Levels in IoT
• Attacks are categorized based on their impact:
1. Low-Level Attack:
• Attack on the network that fails to cause significant damage.
2. Medium-Level Attack:
• Intruder listens to communication but does not alter data integrity.
3. High-Level Attack:
• Intruder alters or modifies transmitted data, affecting its integrity.
4. Extremely High-Level Attack:
• Unauthorized access leads to illegal operations, such as:
• Sending bulk messages.
• Jamming the network.
• Rendering the system unavailable.
5.11 Protecting IoT Devices
Core IoT Security Measures
1. Built-in Security:
• Design systems with security as a foundation.
• Include encryption, authentication, and rigorous data verification.
2. Secure Software and Firmware:
• Ensure firmware integrity to protect against tampering.
• Use dynamic testing for identifying vulnerabilities.
3. Public Key Infrastructure (PKI):
• Manage encryption keys and secure data exchanges.
4. API Security:
• Protect data integrity during communication with backend systems.
5. Hardware Security:
• Make devices tamper-proof and resilient in harsh environments.
6. Strong Encryption:
• Encrypt data both at rest and during transit using cryptographic algorithms.
• Example: BitLocker encryption in Windows IoT.
7. Network Security:
• Secure ports and block unauthorized IP addresses.
• Use firewalls, anti-malware, and intrusion detection systems.
Consumer and Developer Responsibilities
• For Developers:
• Avoid hardcoded credentials; require updates before device use.
• Regularly release firmware updates and patches.
• For Consumers:
• Change default credentials.
• Apply regular software updates.
• Use devices that meet high-security standards.
5.12 Future of IoT Ecosystem
Impact of IoT on Future
• IoT will redefine living styles and business models, enabling:
• Communication between devices and people at any time and place.
• Integration of any network and service for optimal conditions.
Applications of IoT
• Smart objects, smartphones, and intelligent devices will rely on technologies like:
• RFID (Radio Frequency Identification).
• QR codes.
• Wireless communication protocols.
Advantages of IoT Ecosystem
• Enhanced Efficiency:
• Forecast trends, improve supply chain management, and mitigate risks.
• Improved Security Protocols:
• IoT networks will need robust privacy protocols to ensure:
• Confidentiality.
• Authentication.
• Access control.
• Data integrity.
Main Goal:
• To create a superior world for humanity by integrating physical objects into an intelligent and interconnected ecosystem.
MCQs
1. Which type of attack involves listening without interfering physically?
A. Active Attack
B. Passive Attack
C. High-Level Attack
D. Extremely High-Level Attack
Answer: B. Passive Attack
2. What is the primary focus of PKI in IoT security?
A. Enhancing hardware performance.
B. Managing encryption keys and secure communication.
C. Reducing firmware updates.
D. Blocking unauthorized IP addresses.
Answer: B. Managing encryption keys and secure communication.
3. Which threat level involves network jamming and bulk messaging?
A. Low-Level Attack
B. Medium-Level Attack
C. High-Level Attack
D. Extremely High-Level Attack
Answer: D. Extremely High-Level Attack
4. Which technology encrypts data in Windows IoT?
A. Secure Boot
B. BitLocker
C. API Security
D. PKI
Answer: B. BitLocker
5. What is the main goal of IoT in the future?
A. To reduce hardware costs.
B. To connect people and devices seamlessly.
C. To promote individual networks.
D. To prevent all cyber-attacks.
Answer: B. To connect people and devices seamlessly.
5.13 Need for a Powerful Core to Build Secure Algorithms
Key Points:
• IoT data must be protected during storage (data at rest) and transmission (data in transit) using cryptographic algorithms.
• Strong encryption is essential for securing communication between devices.
• Key lifecycle management is crucial to ensure data security and privacy.
5.13.1 What is Cryptography?
• Cryptography is the science of securing information.
• It involves:
• Cryptology: Mathematics used in creating algorithms.
• Cryptanalysis: Analyzing ciphers to find weaknesses.
• Main processes:
1. Encryption: Converting plain text into unreadable ciphertext.
2. Decryption: Converting ciphertext back into readable plain text.
• Cryptography methods include:
• Microdots.
• Combining text with images.
• Encryption and decryption.
5.13.2 Cryptographic Algorithms
• Used for:
• Data encryption: To ensure confidentiality.
• Authentication: To verify the identity of users.
• Digital signatures: To ensure integrity and non-repudiation.
• Categories:
1. Symmetric Key Cryptography:
• Same key is used for encryption and decryption.
• Faster but less secure.
2. Asymmetric Key Cryptography:
• Uses a pair of keys (public and private).
• Public key encrypts; private key decrypts.
5.13.3 Securing Data with Cryptographic Algorithms
1. Encryption Algorithms:
• Provide data confidentiality.
• Example: AES, RSA.
2. Signature Algorithms:
• Authenticate the sender and ensure data integrity.
• Example: Digital signatures.
3. Hashing Algorithms:
• Create unique “digital fingerprints” for data.
• Example: MD5, SHA.
4. Cipher Types:
• Stream Ciphers: Encrypt data bit by bit; faster.
• Block Ciphers: Encrypt data in blocks; more secure.
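An added example (not from the original notes) showing why a plain hash "fingerprint" does not authenticate the sender, while a keyed check does. It uses HMAC-SHA256 with a shared symmetric key as a stand-in for a signature algorithm; a true digital signature would use an asymmetric key pair. The device name, key, and message layout are assumptions.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the example; real keys come from key management.
KEY = b"constructed-demo-key-not-for-production"


def fingerprint(data: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can recompute it for any data."""
    return hashlib.sha256(data).hexdigest()


def hash_only_check(body: bytes, digest: str) -> bool:
    """Weak check: proves the body matches the digest, not who produced it."""
    return hmac.compare_digest(fingerprint(body), digest)


def seal(key: bytes, device_id: str, counter: int, reading: float):
    """Device side: serialise the reading and attach an HMAC tag."""
    body = json.dumps(
        {"device": device_id, "counter": counter, "reading": reading},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


class Receiver:
    """Backend side: checks the tag first, then rejects replayed counters."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = {}   # device id -> highest counter accepted

    def accept(self, body: bytes, tag: str) -> str:
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison; the body is not parsed unless the tag is valid.
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        msg = json.loads(body)
        if msg["counter"] <= self._last_counter.get(msg["device"], -1):
            return "rejected: replay"
        self._last_counter[msg["device"]] = msg["counter"]
        return "accepted"


def demo():
    """Constructed scenario: genuine message, replay, and modified message."""
    rx = Receiver(KEY)
    body, tag = seal(KEY, "thermostat-01", 1, 21.5)
    tampered = body.replace(b"21.5", b"35.0")
    return {
        "genuine": rx.accept(body, tag),
        "replayed": rx.accept(body, tag),
        "tampered_with_old_tag": rx.accept(tampered, tag),
        # Whoever altered the body can simply recompute an unkeyed hash.
        "tampered_passes_hash_only": hash_only_check(tampered, fingerprint(tampered)),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The counter check covers the "capturing authentication sequences" case from the active-attacks list: a recorded message with a valid tag is still refused the second time.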
5.14 Examples of New Trends
Artificial Intelligence (AI) and IoT Integration
• AI Capabilities:
• Machines learn, think, and make decisions like humans.
• Applications: Climate modeling, industrial automation, consumer behavior analysis.
• IoT Capabilities:
• Combines AI, sensors, and networking for automation and analytics.
• Example: A coffee machine reorders beans automatically when low.
5.15 Artificial Intelligence (AI)
Definition
• AI enables machines to perform tasks requiring human-like intelligence.
• Coined by John McCarthy in 1950.
5.15.1 Applications of AI
1. Gaming: AI designs strategic games like chess.
2. Natural Language Processing (NLP):
• Enables interaction with computers in human language.
• Examples: Email spam detection, virtual assistants.
3. Expert Systems: Solve complex problems using if-then logic.
4. Vision Systems: Analyze visual data for mapping or spatial analysis.
5. Speech Recognition:
• Understand and respond to spoken language.
• Examples: Siri, Alexa.
6. Handwriting Recognition:
• Converts written text into editable formats.
7. Robotics:
• Perform human-like tasks using sensors.
• Examples: Factory automation, disaster management.
5.15.2 Advantages of AI
1. Reduces Human Error:
• Precise and accurate when coded correctly.
2. Takes Risks:
• Performs dangerous tasks like bomb disposal.
3. Available 24x7:
• Operates continuously without fatigue.
4. Handles Repetitive Tasks:
• Automates routine jobs efficiently.
5. Faster Decisions:
• Processes information quickly and without emotion.
6. New Inventions:
• Assists in medical surgery and neurological disorder detection.
5.15.3 Disadvantages of AI
1. High Costs:
• Expensive hardware, software, and maintenance.
2. Laziness:
• Over-reliance on AI reduces human effort.
3. Unemployment:
• AI replacing repetitive jobs leads to job loss.
4. Lack of Emotions:
• Machines lack moral judgment and creativity.
5. Limited Thinking:
• Cannot think beyond programmed tasks.
Types of AI
1. Weak/Narrow AI:
• Performs specific tasks.
• Example: Siri, image recognition.
2. General AI:
• Hypothetical; capable of all human-like intellectual tasks.
3. Super AI:
• Hypothetical; surpasses human intelligence.
Future Trends
• Machine Learning:
• Enables systems to learn from experience.
• Natural Language Processing (NLP):
• Improves interaction with machines.
• Vision Systems:
• Enhanced visual analysis using AI.
• Robotics:
• Used in healthcare, agriculture, and policing.
• Autonomous Vehicles:
• Self-driving cars, buses, and drones.
5.16 Machine Learning (ML)
What is Machine Learning?
• Machine Learning (ML) is a data analysis method that automates the building of analytical models.
• It enables systems to learn from data, identify patterns, and make decisions with minimal human intervention.
• The target is defined, and the machine learns the steps to achieve it through training.
5.16.1 Elements of Machine Learning
Machine Learning has three main approaches:
1. Supervised Learning:
• The process of teaching a machine using labeled data (examples).
• Example: A model trained to detect pictures of dogs will only recognize dog images. If shown a cat image, it won’t respond appropriately.
2. Unsupervised Learning:
• Works with unlabeled data, identifying patterns and relationships independently.
• Example: E-commerce recommendation systems where similar items often bought together are identified.
3. Reinforcement Learning:
• A process where an agent learns to perform tasks based on feedback (rewards or penalties).
• Example: Self-driving cars rewarded for staying on the road.
5.16.2 Advantages of Machine Learning
1. Easily Identifies Trends and Patterns:
• Can process vast amounts of data to discover trends not easily noticed by humans.
• Example: Amazon understanding user behavior to recommend relevant products.
2. Automation:
• Once trained, ML systems make decisions independently without human intervention.
• Example: Antivirus software learning to detect new threats automatically.
3. Continuous Improvement:
• ML algorithms improve their accuracy and efficiency as they gain experience.
• Example: Weather prediction systems becoming more precise over time.
4. Handles Multi-Dimensional Data:
• Effective at analyzing data with multiple dimensions and complexities.
5. Wide Applications:
• Used in various fields such as e-commerce, healthcare, banking, and retail to improve efficiency and drive growth.
5.16.3 Disadvantages of Machine Learning
1. Data Requirements:
• Requires large volumes of high-quality, unbiased data for effective training.
• Poor or incomplete data can lead to inaccurate results.
2. Time and Resources:
• Training and developing ML models is time-consuming and resource-intensive.
3. Interpretation Challenges:
• Results generated by algorithms can be difficult to interpret.
• Choosing the right algorithm for a task is critical.
4. Error Susceptibility:
• Mistakes during training or poor-quality data can lead to significant errors.
• Identifying and rectifying these errors can be time-consuming.
Machine Learning vs. Artificial Intelligence (AI)
Artificial Intelligence (AI) | Machine Learning (ML)
AI creates intelligent systems that can simulate human thinking and behavior. | ML is a subset of AI that focuses on learning from data.
Broad scope, including reasoning, planning, and problem-solving. | Narrower scope, designed for specific tasks.
Aims to create systems that can perform complex tasks. | Trains machines to perform tasks based on data.
Examples: Chatbots, humanoid robots, chess-playing programs. | Examples: Spam detection, recommendation systems.
5.16.4 Robotic Process Automation (RPA)
• Definition:
• RPA uses AI and ML to automate high-volume, repetitive tasks that require human effort.
• Examples:
• Customer service: Verifying e-signatures and processing documents.
• Accounting: Handling operational accounting and budgeting.
• Healthcare: Managing patient records.
• Banking: Automating credit card applications and loan processing.
5.17 AI Penetration into IoT
1. AI and IoT Integration:
• IoT devices collect large amounts of data.
• AI processes this data to generate actionable insights and improve decision-making.
• AI enhances IoT devices’ intelligence through automation, analysis, and data integration.
2. Applications of AI and IoT:
• Collaborative Robots (Cobots):
• Robots designed to work alongside humans in shared environments.
• Examples: Robots assisting in surgeries or helping patients with mental health issues.
• Drones:
• Pilotless aircraft used in hazardous areas like offshore operations, mines, and war zones.
• Smart Cities:
• Sensors in city infrastructure monitor energy efficiency, air pollution, traffic, etc.
• Smart Retailing:
• AI analyzes customer behavior and provides real-time offers in stores.
• Automated Vacuum Cleaners:
• Robotic devices like iRobot Roomba use AI and IoT to clean efficiently.