IoT involves sharing of data among users and objects or among objects themselves. In this environment, certain security requirements should be implemented.
The Basic IoT framework is shown in Figure and the security at each layer is mandatory.
Device Layer Security:
The device layer includes objects, places, and things can be simple devices like a light bulb or complex devices like medical equipment.
IoT security should be considered during the design itself, and appropriate encryption should be made to maintain integrity and privacy. Devices should be designed to be tamperproof and the required software updates should be done constantly.
Gateway layer security:
Gateway layer security indicates the messaging between the Internet-enabled devices and other services. The gateway layer has to consider security when communicating over protocols and has to ensure confidentiality and integrity.
Service Layer Security:
The service layer security represents the IoT management activities like policies and rules, and automation of devices.
It has to focus on role-based access control and audit trail of changes done by devices or users. Data monitoring should be done to identify compromised devices during abnormal behavior.