**3.1 Basic concept of IoT**

The domain of smart home environments is regarded and considered as a major factor and element for the future Internet. As a lot of homes are becoming smarter and smarter by using sensor and technology based on IoT, we can improve home security, energy efficiency, availability and comfortability. Consequently, to realize the future technology applicable to the smart home, we have to consider and treat with privacy into IoT environments. It can be identified and regarded as one of the major barriers and flaws. Because of the nature of the IoT environment, the appropriate security functions for secure and trustworthy smart home service would be applied extensively and considered importantly because the security threats will be increased and impact of security threats will be likely expanded. Jin-Hee Han et al. analyzed the requirement of security consideration for enhanced security and trustworthy mechanism in smart home system based on IoT environment [21]. As sensor nodes are widespread and utilized under ubiquitous environment, the security attacks on embedded device is increasing. The major factors include in the field of attacks such as crypto-analysis, physical, side channel, environmental, software and networks. Vijay Sivaraman et al. illustrated network-level security and privacy control for devices in smart home based on IoT. They proposed that software defined networking technology would be used to dynamically block and quarantine devices. It is based on their network activity [22]. The major security concerns for IoT system are summarized and included factors such as user identification, tamper resistant, secure S/W execution, secure content, secure data communications, identity management and secure storage. As a results of a risk and security analysis for a smart home automation system, it can be developed in collaboration with new schemes for leading industrial factors. They summarized the first steps and models of privacy and security for smart home applications. It is regarded as support and necessity for enforcing system security and user privacy, and it can help to realize the potential power in smart home environments. The typical architecture in IoT application can be divided and classify into three layers as following description [23]:


Many applications provide middleware technology, computing technology and network processing in each layer. The main devices in perception layer include RFID, Zigbee and all kinds of sensors. Basic architecture of IoT service is shown **Figure 2**.

They are highly vulnerable to attacks. Several common attacks are included node capture, fake node and malicious data, denial of service attack, timing attack, routing threats, reply attack, side channel attack and mass node authentication problem. Network layer security problems have critical problems such as traditional security problem, compatibility problem, cluster security problems and privacy disclosure. In application layer, its security issues are different and more complex because of different industry or environment. The following elements should be solved with data access control, identification, data protection and recovery, authentication, ability of dealing with mass-data and software vulnerabilities in application layer. The IoT system has a particular restriction, constraints and limitation in terms of computational power, small memory and power. It makes significantly different from existing distributed systems. It can be recognized in real world that the existence of tiny computing devices is very much vulnerable to different security attacks as mentioned above. Security in level and requirement is shown in **Figure 3**.

Sye Loong Keoh et al. gave an overview of the efforts and demands in the IEFT (Internet Engineering Task Force) to standardize security solutions for IoT ecosystem. They provided a detailed review with communication security solutions for IoT. Especially, they used to conjunct with standard security protocols to be applied in the CoAP (Constrained Application Protocol), and application protocol to adapt the constraints IoT devices [24]. Pranay P. Gaikwad et al. presented the architecture of IoT related to attacks model. Smart home network can be operated with household devices and home appliances. It could monitor and control remotely with different connection and control ways. When these kinds of household devices in smart homes are connected with wire or wireless Internet under standard protocols. The whole system is so called as smart home network and can be realized in loT environment or smart homes based on IoT devices. They presented the problems and challenges which is occurred in loT and smart home applications. Some solutions that they proposed overcome and solve some problems and challenges in real solution matters [25]. The security design can be adapted with these kinds of diverse deployment scenarios. The representative ideas have a concise set of cryptographic, single security policy framework, security mechanisms, and configuration parameters with policy-dependent. These kinds of requirement and consideration in terms of system perspectives should take into account for entire system. In spite of IoT devices are constrained with limited resources, it can be deployed with easy steps and still has a vulnerability problem. Therefore, the traditional and conventional security mechanism and algorithms cannot be straightforward realized in smart things and sensor nodes. The major and representative limitation and constraints are shown in **Table 1** [26].

**Figure 3.** *Level and requirement for security.*

*Analyses of Open Security Issues for Smart Home and Sensor Network Based on Internet… DOI: http://dx.doi.org/10.5772/intechopen.97851*


**Table 1.**

*Major security constraints of IoT devices.*

**Figure 4.** *Basic component of security architecture.*

We analyzed the key element of security architecture with relation to sensor protocol, security demands and ISO7 layer as shown in **Figure 4**. There are many application layer protocol such as CoAP (Constrained Application Protocol), XMPP (Extensible Message and Presence Protocol) and MQTT (Message Que. Telemetry Transport), AMOP (Advance Message Queuing Protocol) [27]. Hee-jeong Kim and Jeong Nyeo Kim proposed end-to-end message security protocol based on ultraweight cipher algorithm. This algorithm can increase security level and lower security overhead in resource limited communication [28].

## **3.2 Application of IoT services**

The representative issues and services are included a lot of mechanisms. The main topics consist of end-to-end security, fault tolerance, key management, energy efficient security, trust management, IoT big data and it's forensic and so on. We also presented requirements of IoT System including basic principles as well as challenges and barriers.

	- Use standard and its application protocols.
	- Detail protection and defense from malicious attacks.
	- Secure algorithm is embedded in the system and realized with lightweight Algorithm.
	- Secure hardware platform is required and exploited.
	- Complicated security design can be solved a cheap and mass production in silicon devices.
	- A lot of vulnerable devices are revealed and plethora in the real world.
	- Individual and collective risk can be monitored and assessed.
	- Shared and distributed framework can be formulized and analyzed by decision making technique.
	- Self-validating framework for monitoring and reasoning.
