IoT architecture for Pentesters – Part II

network 782707 640
IoT pentesting

In this Blog, we will discuss How the IoT works


There are four major layers.


Figure 1: IoT architecture layers

Sensor, Connectivity and Network Layer


Fig 2: Sensor, Connectivity and Network Layer

  • This layer consists of RFID tags, sensors which are an essential part of an IoT system and are responsible for collecting raw data. These form the essential “things” of an IoT system.
  • Sensors, RFID tags are wireless devices and form the Wireless Sensor Networks (WSN).
  • Sensors are active in nature which means that real-time information is to be collected and processed.
  • This layer also has the network connectivity (like WAN, PAN, etc.) which is responsible for communicating the raw data to the next layer which is the Gateway and Network Layer.
  • The devices which are comprised of WSN have finite storage capacity, restricted communication bandwidth and have small processing speed.
  • We have different sensors for different applications – temperature sensor for collecting temperature data, water quality for examining water quality, moisture sensor for measuring the moisture content of the atmosphere or soil, etc.

As per the figure below, at the bottom of this layer, we have the tags which are the RFID tags or barcode reader, above which we have the sensors/actuators and then the communication networks.

Gateway and Network Layer

From the figure below, at the bottom, we have the gateway which is comprised of the embedded OS, Signal Processors, and Modulators, Micro-Controllers, etc. Above the gateway we have the Gateway Networks which are LAN, WAN etc.


Fig 3 : Gateway and Network Layer

  • Gateways are responsible for routing the data coming from the Sensor, Connectivity and Network layer and pass it to the next layer which is the Management Service Layer.
  • This layer requires having a large storage capacity for storing the enormous amount of data collected by the sensors, RFID tags, etc. Also, this layer needs to have a consistently trusted performance in terms of public, private and hybrid networks.
  • Different IoT device works on different kinds of network protocols. All these protocols are required to be assimilated in a single layer. This layer is responsible for integrating various network protocols.

Management Service Layer

  • This layer is used for managing IoT services. The management Service layer is responsible for Securing Analysis of IoT devices, Analysis of Information (Stream Analytics, Data Analytics), Device Management.
  • Data management is required to extract the necessary information from the enormous amount of raw data collected by the sensor devices to yield a valuable result of all the data collected. This action is performed in this layer.
  • Also, a certain situation requires an immediate response to the situation. This layer helps in doing that by abstracting data, extracting information and managing the data flow.
  • This layer is also responsible for data mining, text mining, service analytics etc.

From the figure below, we can see that, management service layer has Operational Support Service (OSS) which includes Device Modeling, Device Configuration and Management and many more. Also, we have the Billing Support System (BSS) which supports billing and reporting.

Also, from the figure, we can see that there are IoT/M2M Application Services which includes Analytics Platform in which Statistical, in motion, predictive, in-memory analysis and data, text mining segmentations are used for overall intelligent analysis.

Data – which is the most important part includes governance, encryption, repo, quality management in order to maintain the quality of the data.

Security which includes Access Controls, Encryption, Identity Access Management, etc. and then we have the Business Rule Management (BRM)  includes rule definitions, modelling, simulation, execution and Business Process Management (BPM) similar function related to processing.


Fig 4: Management Service Layer

Application Layer

Application layer forms the topmost layer of IoT architecture which are responsible for effective utilization of the data collected. Various IoT applications include Home Automation, E-health, E-Government, etc.

From the figure below, we can see that there are two types of applications which are Horizontal Market which includes Fleet Management, Supply Chain, etc. and on the Sector-wise application of IoT, we have energy, healthcare, transportation, etc.


Fig 5: Application Layer

Smart Environment Application Domains


Figure 6: Smart Environment Application Domains

WLAN stands for Wireless Local Area Network which includes Wi-Fi, WAVE, IEEE 802.11 a/b/g/p/n/ac/ad, and so on WPAN stands for Wireless Personal Area Network which includes Bluetooth, ZigBee, 6LoWPAN, IEEE 802.15.4, UWB, and so on.


Figure 7: Smart Environment Application Domains: Service Domain and their Services classified. That’s all for this blog!!

Thanks for visiting us. Join certcube Labs for professional cybersecurity training & IT Security Services.  


Leave a Reply

Your email address will not be published.