(SEM VII) THEORY EXAMINATION 2023-24 IOT SECURITY

KOT071 – IOT SECURITY

B.Tech (SEM VII) – Theory Examination
Time: 3 Hours | Max Marks: 100

SECTION A

(Attempt all questions in brief – 2 × 10 = 20 marks)

a. Why is there need of IoT Security?

IoT security is needed to protect connected devices and data from cyber-attacks, unauthorized access, data theft, privacy breaches, and system manipulation, as IoT devices are widely distributed and often resource-constrained.

b. Define Fault Tree.

A fault tree is a graphical analytical model that represents the logical relationship between system failures and their causes, used to analyze security and reliability risks.

c. What is Digital Signature?

A digital signature is a cryptographic technique used to verify the authenticity, integrity, and non-repudiation of digital messages or documents.

d. Define Cipher text and Plain text.

Plain text: Original readable data or message.

Cipher text: Encrypted, unreadable form of the plain text.

e. Define Authorization and Authentication.

Authentication: Verifying the identity of a user or device.

Authorization: Granting permission to access specific resources after authentication.

f. Explain IAM.

Identity and Access Management (IAM) is a framework that manages digital identities, authentication, authorization, and access control for users and IoT devices.

g. Explain IoV.

Internet of Vehicles (IoV) is a network where vehicles communicate with other vehicles, infrastructure, pedestrians, and the cloud to enhance safety, traffic efficiency, and driving experience.

h. Two practical steps to enhance privacy in personal IoT applications

Use strong passwords and enable encryption

Regularly update firmware and software

i. Name two Cloud Services.

Infrastructure as a Service (IaaS)

Platform as a Service (PaaS)

j. State IoT security control needed for cloud.

Access control, data encryption, secure authentication, intrusion detection, and regular security monitoring are required for cloud-based IoT systems.

SECTION B

(Attempt any three – answers provided for ALL)

2(a). Explain several attacks that are specifically targeted at IoT.

IoT-specific attacks include device hijacking, botnet attacks (e.g., Mirai), firmware attacks, denial of service (DoS), data interception, spoofing, and physical tampering. These attacks exploit weak authentication, limited processing power, and insecure communication protocols.

2(b). Cryptographic controls integrated into IoT messaging and communication protocols

Cryptographic controls ensure secure communication by using encryption, authentication, and integrity mechanisms. Protocols like TLS, DTLS, AES, RSA, ECC, and hashing techniques are integrated into MQTT, CoAP, and HTTP to protect data confidentiality and prevent unauthorized access.

2(c). Explain all Access Management solutions for IoT.

Access management solutions include device authentication, role-based access control (RBAC), attribute-based access control (ABAC), certificate-based authentication, OAuth, and IAM systems. These ensure that only authorized devices and users can access IoT resources.

2(d). Privacy measures for WBSN and participatory sensing applications

Individuals can improve privacy by encrypting sensor data, disabling unnecessary data sharing, using anonymization techniques, controlling application permissions, and avoiding public Wi-Fi networks.

2(e). Interconnection between cloud and IoT architecture

IoT devices collect data and send it to the cloud for storage, processing, analytics, and decision-making. The cloud provides scalability, centralized management, AI integration, and security services, making it an essential component of IoT architecture.

SECTION C

3(a). Internet of Things (IoT): definition, components, and example

IoT is a network of physical objects embedded with sensors, software, and connectivity to exchange data over the internet.

Essential components:                       Sensors and actuators

Embedded processors                          Communication modules

Cloud platform                                      User interface

Example: Smart thermostat.

3(b). Why is security essential for IoT and methods to ensure it?

Security is essential to protect data, privacy, and system integrity. Methods include encryption, authentication, secure booting, firmware updates, intrusion detection, and access control.

4(a). Encryption techniques used for IoT security

Common encryption techniques include:      Symmetric encryption (AES)

Asymmetric encryption (RSA, ECC)                Lightweight cryptography

Hashing (SHA-256)                                      These techniques secure data during storage and transmission.

4(b). Explain Digital Signature, Hash, and IoT node authentication

Digital Signature: Ensures authenticity and integrity
Hash: Converts data into fixed-length value for integrity checking
IoT node authentication: Verifies device identity using keys, certificates, or tokens

5(a). Authorization in Publish-Subscribe schemes

Authorization in publish-subscribe systems ensures that only permitted publishers can send messages and only authorized subscribers can receive them, using access control policies.

5(b). Components of IoT IAM infrastructure

Components include identity registry, authentication service, authorization engine, policy management, credential storage, and monitoring systems.

6(a). Lightweight privacy protection in smart buildings

Lightweight schemes reduce computation while ensuring privacy using data minimization, encryption, anonymization, secure gateways, and access control to prevent vulnerabilities.

6(b). Social features for location privacy in IoV and ethical issues

Social features like trust-based sharing and anonymized communication improve privacy. Ethical concerns include consent, data misuse, surveillance, and transparency.

7(a). Security architecture for enterprise IoT in cloud

Enterprise IoT security architecture includes secure devices, encrypted communication, IAM, secure gateways, cloud security controls, monitoring, and compliance management.

7(b). On-device security and privacy of IoT cloud

On-device security includes secure boot, hardware root of trust, encryption, and access control. IoT cloud privacy ensures secure data storage, access control, and compliance with privacy regulations.