Briskinfosec - Global Cybersecurity Service Providers

Stay Connected:

Layer Wise Analysis of Security in IOT | Briskinfosec

Layer Wise Analysis of Security in IOT


  • Introduction
  • Types Of Layers
  • Physical Layer Attacks
  • Removing Malicious Contents From The Node
  • Sybil Attacks
  • Software Attacks
  • Network Layer Attacks
  • Encryption Attacks
  • Conclusion
  • How Briskinfosec Can Help You?
  • Curious To Read Our Case Studies?
  • Last But Not The Least
  • You May Also Be Interested In


In this digital era, IoT devices plays a predominant role of helping humans to communicate with surrounding devices. This advancement in internet paved way for Industry 4.0 IoT and IIoT (Industrial Internet of Things) implementations. This obviously leads to security concerns in IoT.

Types Of Layers:

Based on the vulnerabilities in layers, we can categorize them into 4 types:

  • Physical attacks
  • Software attacks
  • Network attacks
  • Encryption attacks

But before knowing these, we need to know the number of layers available in IoT. From the below representation, we can get an idea about how the vulnerabilities are distinguished, based on layers.

Physical Layer Attacks:        

Physical layer attacks usually involve the radio layer and hardware. Here, the intruder should be in close contact with the device or needs to lay hands on the hardware. But to attack a Wireless Sensor Network (WSN) wherein the deployment of devices isn’t accessible, the intruder needs to test the network in both, the wireless and the hardware layer.

This leads to the below classes of attacks:

  • Malicious node injection
  • Sensor node behaviour

Malicious Node Injection:

Before beginning with attacks, we must have an idea about where the attack starts and ends. So, we can start from the Received signal strength, otherwise known as Received Signal Strength Intensity (RSSI).

The signal usually gets transmitted from the transmitter but when reaching the receiver, we may not know if it’s the actually transmitted signal from the transmitter. Hence, we can use LIKELIHOOD RATIO TEST (LRT) to discover the signal abnormalities and interferences. Likelihood Ratio Test is the statistical validity test for thresholding the incoming data.

Sensor Node Behaviour:        

As said above, the signal also varies due to the malfunction of the sensors. Here in the case of a sensor, we can distinguish into two following categories. They are

  • Broken sensor
  • Non-functioning sensor.

The Broken sensor does not disrupt the overall signal. Instead, it disrupts the power quality of the signal. Its main objective is to detect the sensor abnormalities and fix it.

The Non-functioning sensor refers to the jamming of sensor. In most simple words, the sensor fails to operate.

Removing Malicious Contents From The Node:

So before getting into the malicious content, we need to know about the CYBER-PHYSICAL SYSTEM. In cyber-physical system, when we make changes in the radio layer, it affects the system physically.

To prevent this, let us consider that there are 5 systems connected to a network in which 2 are servers, 3 are clients, and the entire system is affected with an intrusive device. To identify which nodes are infected, we need to remove the nodes one by one where the system causes a penalty. In-order to overcome this, we can use the concepts of RSSI and LRT.

Sybil Attacks:

Sybil attack is another type of attack that’s performed in the physical layer. These attacks are performed in peer-to-peer networks by the use of multiple distinct nodes. For example, consider there are 8 users connected to a network. To infiltrate into the network, the user needs to gain access to all the users. If unable to do so, then the attack can’t be performed. So, let us assume that the intruder cracked 7 users and can’t gain access to the remaining one. Hence, this uncracked user performs a selfish behaviour.

Based on the behaviour profile, we use Trust Matrix to calculate the trust values for a period of time. Trust matrix is a M*N matrix which holds the weight of the nodes and their trust value. It’s processed in LRT. Here, the nodes with Low trust value are discarded and the packets are re-routed to a trusted network. Hence, the network with highest traffic is identified as the sybil attacked network. Hence, we conclude that sybil attacks can be identified by the above behaviour model.

Software Attacks:

Software attacks are usually performed by the intruder by injecting malware content either through the website access or by adware.

But before performing the above tasks, the attacker needs to gain access to the private details of the user. It’s done through e-mail spoofing or by creating a false webpage that would yield the desired outcome. The second main content that’s used by the intruder to gather information is by adware and email attachments. The intruder monitors and randomly injects the malicious contents in various forms where the worm has the capacity of proliferating without human involvement.

How To Prevent It?

The above attacks can be prevented by:

  • Using proper and latest security defences
  • Being cognizant against adware’s
  • Preventing files download from an unauthorised webpage.

Network Layer Attacks:

These types of attacks occur in the network layers whenever the devices are connected to the network. This makes much easier for the intruder to access the device information, if we fail to provide proper authentication. Hence to understand this clearly, we can use the concept of RFID (Radio-Frequency Identification) card mostly in case of access.

In most of the cases, RFID intrusion is done by the following methods:


Rfid Spoofing:

It captures the transmitted information from the RFID tag using NFC (Near-Field Communication). Now, the intruder gains access to the unauthorized area which is restricted for the intruder/3rd party sources. Here, the major drawback is, it even accepts the wrong data.

Rfid Cloning:

This part is entirely different from the spoofing part. In this, the intruder needs an RFID card in hand so that he can reverse the hardware from that card and can clone a similar type to that. Once done, it could be used to add this as a user to the network in which the original card is connected. Finally, by using the cloned card, the intruder can gain the entire access.

Rfid Unauthourized Access:

This is the final stage of attack. This occurs only when the device connected to this is either authorized freely (without credentials) or weakly authorized (default passwords) by the user. If the intruder gains access to this device via network, adding and removing the users from the node can be done. This results in adversity for the employees. Also, many confidential data can be leaked over the network which would add fuel to the fame.

Encryption Attacks:

Encryption attacks occur whenever the attacker breaks the encryption keys. This usually occurs when the encryption standard isn’t properly followed. It can also occur due to cryptographic effects from the user end.

Side Channel Effects:

In this case, the attacker uses the information that is emitted by the encrypted device. The encryption may be a plaintext or a cipher text that contains information about the power, frequency and time taken to perform an operation. Attackers can use such information to decrypt the key.

Simple and differential power analysis:

In simple differential power analysis, the attacker notes the timings of the encrypted key for understanding purpose. For example, let’s say the time taken to encrypt an alphabet is 0.1 micro seconds, to encrypt a special character is 0.12 microseconds and to encrypt a number is 0.3 microseconds. The attacker examines and notes down all these timings taken to encrypt a key and also notes down the keystroke timings. Through this, the intruder figures out the decryption key and decrypts the encrypted password.

Cryptography Effects:

This type of attack is performed whenever the attacker can’t perform Monkey Style attacks i.e., random attacks done without intention. To begin with this type of attack, the attacker should have immense knowledge in mathematics as this process involves full of problems. At first, the attacker needs to monitor the listener activities. Then, the attacker needs to calculate the R=y mod n where

  • ‘n’ is public
  • ‘y’ can be obtained from the listener
  • ‘x’ must be the secret key.

The intruder first calculates various values for the y x mod n where ‘y’ and ‘n’ are the estimation time and ‘x’ remains the same. Then, intruder takes some time for doing speculative calculation. After finding, the intruder can perform the attack.


The user needs to maintain equal time for typing all the keystrokes. But, the saddest part is, it’s truly a difficult one.


There are certain things that you can’t take for granted. To be more upfront, you can never take them for granted. One such thing is cybersecurity. You sleep with the complacency of having absolutely secured data today, you’ll wake up as a hacking victim tomorrow. Further, securing your security environment consistently with the right practices is mandatory. Hence, a proper and complete security assessment on all these layers should be regularly done.

How Briskinfosec Can Help You?

Briskinfosec security professionals have a vast experience in providing best security assessments for securing the entire IoT surfaces. Apart from automated and manual scanning techniques, we use our indigenous tools that gives the best security available in the security market. We also help you to understand the possible attacks that you may encounter in all these security layers by providing live practical demonstrations. This obviously gives you a crystal-clear clarity on what is what. To know further, kindly reach us out anytime.

Curious To Read Our Case Studies?

Each and everything happens for a reason and we firmly believe in it. Similarly, there’s also a reason for us to have achieved our name in the “India Book of Records” as well, being listed as “One among the top 20 most promising cybersecurity providers.” It’s because of our successful security assessment strategies used to eliminate the vulnerabilities in all our client’s applications and devices. Check out our case studies to know the way it’s done.

Last But Not The Least:

  • There’s a hacking attempt for every half-a-minute.
  • About 4 million data records are being tampered/manipulated every day globally.
  • Most of the cyberattacks happen due to lack of human awareness.

Well, all these statistics to be acknowledged is truly shocking. The prime reason is, many people still believe that firewall, antivirus and other basic security mechanisms is more than sufficient to stay secured. But, they don’t realize that technological evolution parallelly leads to the evolution of hacking and cyberthreats. Also, many aren’t aware about what kind of cyberattacks have happened globally, what’re the losses they’ve caused to companies, how they’ve infiltrated into the organisation’s databases/servers and much more. Taking this into concern, Briskinfosec prepares Threatsploit Adversary reports on a monthly basis, to help people know about all these things at ease. Also, the best mitigation measures are suggested to stay secure. Instead, of wandering here and there in search engines and websites to know about them, just a single click on our report is enough. You’ll genuinely feel good with what’s in it!

You May Also Be Interested On:   



Balaji T N

Security Engineer

He is an active researcher in the area of automotive penetration testing.Apart from this he is actively working on different ways to hack a non-traditional connected devices.

Add Your Comments

Your Comments*