Understanding IoT Security Concepts and Terminology

Lectures 1–3

  • IoT (Internet of Things) – interconnected physical devices exchanging data.

  • MMU (Malfunction Management Unit) – hardware failsafe.

  • Invariant – rule defining safe system states.

  • NTCIP – network protocol for traffic signal controllers.

  • DoS / DDoS – denial of service (resource flooding).

  • Replay Attack – reuse of old valid data packets.

  • Eavesdropping – intercepting communication.

  • Injection Attack – unauthorized commands/data inserted.

  • Tampering – altering transmitted or stored data.

  • CIA Triad – Confidentiality, Integrity, Availability.

  • STRIDE – Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege.

  • FHSS (Frequency Hopping Spread Spectrum) – changing frequencies to avoid interference.

  • Wearable IoT Layers – Device → Hub → Cloud.

  • Adversary Model – defines attacker capabilities and scope.

IoT Communication & Platforms (Lectures 4–6)

  • Eavesdropping (Passive Attack) – listening without altering data.

  • Impersonation (Active Attack) – attacker pretends to be a legitimate user/device.

  • Jamming – blocking signals by flooding the wireless channel.

  • Compromised Device – legitimate node taken over by an attacker.

  • TAP (Trigger-Action Programming) – “If this, then that” logic for IoT automation.

  • IFTTT (If This Then That) – online TAP platform using OAuth.

  • OAuth 2.0 – authorization without password sharing.

    • Phases: Signup, User Authentication, Token Exchange, API Access.

  • Overprovisioning – granting too many permissions in OAuth.

  • Pub/Sub Model – publisher sends → broker → subscribers receive.

  • MQTT (Message Queuing Telemetry Transport) – lightweight publish/subscribe protocol.

    • QoS 0 – At most once (no ACK).

    • QoS 1 – At least once (ACK, duplicates possible).

    • QoS 2 – Exactly once (safe, slowest).

  • Broker – routes MQTT messages based on topic.

  • Client-Server Model – request/response architecture.

  • Publish-Subscribe (Pub/Sub) – decoupled message delivery via broker.


🏭 Industrial IoT & SCADA (Lectures 7–9)

  • SCADA (Supervisory Control and Data Acquisition) – remote control systems.

  • ICS (Industrial Control System) – automation and process control.

  • CPS (Cyber-Physical System) – computer plus physical interaction.

  • IIoT (Industrial IoT) – industrial version of IoT.

  • PLC (Programmable Logic Controller) – rugged microcontroller for automation.

  • DCS (Distributed Control System) – controls within a local facility.

  • Modbus / DNP3 – common SCADA communication protocols.

  • Freshness – ensuring data is current (not replayed).

  • Safety Priority – SCADA emphasizes uptime and human safety over confidentiality.

  • Stuxnet Worm – first cyberweapon targeting ICS/PLCs.

  • Zero-Day Exploit – unknown vulnerability used in an attack.

  • Attribution – linking attacks to responsible entities.

  • Olympic Pipeline Incident – SCADA failure causing an explosion.


🔐 Encryption & Hashing (Lectures 10–12)

  • Encryption – converting plaintext to ciphertext for confidentiality.

  • Decryption – reversing encryption using a key.

  • Symmetric Encryption – same key for encrypting/decrypting (AES).

  • Asymmetric Encryption – public/private key pair (RSA, ECC).

  • AES – Advanced Encryption Standard (block cipher).

  • RC4, SEAL – stream ciphers (encrypt bit-by-bit).

  • RSA – asymmetric encryption and signature algorithm.

  • Diffie-Hellman (DH) – key agreement (shared secret over insecure channel).

  • ECC (Elliptic Curve Cryptography) – modern asymmetric scheme (faster than RSA).

  • Confidentiality vs Integrity – confidentiality hides data; integrity ensures it’s untampered.

  • MAC (Message Authentication Code) – integrity and authenticity check.

  • HMAC – hash-based MAC (keyed hash using SHA).

  • AE (Authenticated Encryption) – provides both confidentiality and integrity.

    • GCM (Galois/Counter Mode)

    • CCM (Counter Mode + CBC-MAC)

  • SHA-2 Family – SHA-256, SHA-384, SHA-512 (secure hashes).

  • Broken Hashes – MD5, SHA-1, CRC.

  • Preimage Resistance – given y, hard to find any x with H(x) = y.

  • Second Preimage – given x, hard to find x′ ≠ x with H(x′) = H(x).

  • Collision Resistance – hard to find any two inputs with the same hash.

  • Encrypt/MAC Orders:

    • MAC→Encrypt (TLS).

    • Encrypt→MAC (IPSec).

    • Encrypt+MAC (SSH).

  • AEAD (Authenticated Encryption with Associated Data) – authenticated encryption that also integrity-protects unencrypted metadata (the associated data).


✍️ Digital Signatures & Key Management (Lecture 13)

  • Digital Signature – proves message origin and integrity.

  • Sign(SK, H(M)) / Verify(PK, sig, H(M))

  • Non-repudiation – sender can’t deny authorship.

  • TTP (Trusted Third Party) – issues session keys between nodes.

  • Session Key (Kab) – temporary symmetric key for communication.

  • Nonce (Na/Nb) – random number used once to ensure freshness.

  • RSA Key Exchange – exchange random challenges to derive Kab = h(Na ⊕ Nb).

  • Diffie-Hellman MITM – attacker inserts own public keys; must use certificates.

  • Certificate – digital identity bound to public key, signed by CA.

  • CA (Certificate Authority) – trusted organization signing public keys.

  • PKI (Public Key Infrastructure) – framework managing certificates and key trust.

  • Certificate Chain – trust path from root CA to entity.

  • CA Compromise – fake certificate issuance.


📲 Bluetooth & Secure Pairing (Lectures 14–16)

Legacy Pairing

  • PIN – user-entered number to start pairing.

  • Kinit (Initialization Key) – derived from PIN, BD_Addr, and Rand.

  • Kab (Link Key) – derived from exchanged randoms LK_Rand_a/b.

  • AU_Rand / SRES – used for authentication challenge.

  • Brute Force Risk – short PINs easily guessed.

  • Jamming Attack – force re-pair to capture traffic.

Secure Simple Pairing (SSP)

  • ECDH (Elliptic Curve Diffie-Hellman) – computes shared DHKey.

  • Four SSP Modes:

    1. Numeric Comparison – user confirms matching numbers; protects against MITM.

    2. Passkey Entry – enter displayed code on device; protects against MITM.

    3. Just Works – no user check; only eavesdrop protection.

    4. OOB (Out-of-Band) – uses NFC/Wired; best MITM protection.

  • SSP Phases:

    1. Public Key Exchange.

    2. Authentication (mode-specific).

    3. Verification.

    4. Link Key and Encryption.

  • DHKey – shared ECDH-derived value.

  • Commit Values (H(PKa, PKb, Na/Nb)) – used to confirm matching secrets.

  • MITM Protection – only if user/device verification step exists.


👂 Bluetooth Eavesdropping

  • BLE (Bluetooth Low Energy) – 40 channels (37 data, 3 advertising).

  • Access Address – connection identifier.

  • CRCInit – 24-bit seed for packet integrity check.

  • Hop Interval – time per channel (ms).

  • Hop Increment – channel step size.

  • Hop Cycle Formula: Cycle = 37 × 1.25 × HopInterval (ms).

  • Whitening – XOR-based randomization to reduce interference.

  • Frequency Hopping – avoids jamming and tracking.

  • Eavesdropping Requirements: must determine Access Address, CRCInit, Hop Interval, Hop Increment.


🧩 General Security & Attack Terms

  • MITM (Man-in-the-Middle) – attacker relays between two victims.

  • Replay Attack – resend old valid data.

  • Nonce (Number Used Once) – prevents replay.

  • Freshness Check – validates new session.

  • Integrity Check – verify message unchanged.

  • Confidentiality – prevents data leakage.

  • Authenticity – confirms sender identity.

  • Non-repudiation – prevents sender denial.

  • Brute Force – systematic key guessing.

  • Entropy – randomness strength in keys.