Towards a Secure and Scalable IoT Infrastructure: A Pilot Deployment for a Smart Water Monitoring System

: Recent growth in the Internet of Things (IoT) looks promising for realizing a smart environment of the future. However, concerns about the security of IoT devices are escalating as they are inherently constrained by limited resources, heterogeneity, and lack of standard security controls or protocols. Due to their inability to support state-of-the-art secure network protocols and defense mechanisms, standard security solutions are unsuitable for dynamic IoT environments that require large and smart IoT infrastructure deployments. At present, the IoT based smart environment deployments predominantly use cloud-centric approaches to enable continuous and on-demand data exchange that leads to further security and privacy risks. While standard security protocols, such as Virtual Private Networks (VPNs), have been explored for certain IoT environments recently, the implementation models reported have several variations and are not practically scalable for any dynamically scalable IoT deployment. This paper addresses current drawbacks in providing the required ﬂexibility, interoperability, scalability, and low-cost practical viability of a secure IoT infrastructure. We propose an adaptive end-to-end security model that supports the defense requirements for a scalable IoT infrastructure. With low-cost embedded controllers, such as the Raspberry Pi, allowing for the convergence of more sophisticated networking protocols to be embedded at the IoT monitoring interface, we propose a scalable IoT security model integrating both the IoT devices and the controller as one embedded device. Our approach is unique, with a focus on the integration of a security protocol at the embedded interface. In addition, we demonstrate a prototype implementation of our IoT security model for a smart water monitoring system. We believe that our modest ﬁrst step would instill future research interests in this direction.


Introduction
An unprecedented recent expansion in the digital environment is attributed to the advanced use of the internet leveraged by smart devices (e.g., sensors, actuators, smartphones, smart appliances, wearables) that have grown rapidly [1,2]. This paradigm shift, termed as the internet of Things (IoT), connects people (end-users) to everything, including systems, machines, and devices with more and more internet-based IoT applications becoming available in everyday life [3,4]. This seamless connectivity allows remote control of devices, as well as data acquisition from various physical sensor devices, to better understand data patterns for intelligent decision-making in both personal and business domains [5]. With exponential growth in IoT devices expected to reach more than 50 billion in 2020, intelligent applications are being developed and deployed for the future realization of findings and unique contribution of this research work as compared to the current trends in IoT technologies. Finally, we conclude in Section 8, along with future research directions.

Related Work and Research Contribution
Literature surveys conducted over the past decade on IoT have identified the need for end-to-end security [9,21,22,25,26]. With an internet connection, a MITM attack has the possibility to gain access and control the IoT networks that could result in hacking several IoT based smart environments [27,28]. IoT technology comes with an inherent trade-off between convenience and control that can affect the critical factors of security and privacy. Attackers tend to scan the internet looking for a specific IoT device vulnerability to steal any personal information that could be misused for eventually resulting in an adverse impact on a large-scale IoT infrastructure [29][30][31].
Recently, the most emerging communication technology for large-scale IoT infrastructure is Low-Power Wide Area Network (LPWAN), which is a wireless technology that can support large-scale coverage with low bandwidth, long battery life, and long communication distance at a low cost. Among the many competing LPWAN technologies that are predominantly proprietary, LoRa (Long Range), SigFox, and Narrowband-IoT (NB-IoT) are gaining wide acceptance despite having non-standard technical differences [32,33]. However, recent studies in the literature provide details of underlying security mechanisms of each of these LPWAN technologies along with their vulnerabilities and possible attacks.
NB-IoT consists of three layers, perceptron layer, transmission layer, and application layer with complicated network deployment and inherent characteristics of the high capacity battery, and high cost. They work on licensed cellular frequency band, inheriting authentication and encryption of existing cellular infrastructures by mobile operators and have security threats, such as access to high capacity NB-IoT terminals and open network environment [33]. While Sigfox is one of the most secure LPWAN technologies, Sigfox devices predominantly operate offline with a unique symmetrical authentication key given during manufacturing. They may not be well-suited for real-time applications, and the Sigfox application payload is not encrypted [34]. On the contrary, LoRa exhibits open-standards with a unique 128-bit encryption key shared between the end-device and network server, and another unique 128-bit key is shared end-to-end at the application level of a LoRaWAN. Hence, LoRaWAN is the most promising wireless radio access technology that supports long-range communication at low data rates, low power consumption, and end-to-end security using application and network keys. However, LoRa nodes have different levels of vulnerabilities, and compromise of LoRa end-devices by an attacker with physical access, as well as wormhole attacks, are possible using two types of devices that are sniffer and jammer [34,35]. A recently reported security risk analysis of LoRaWAN reveals vulnerabilities against end-device physical capture, rogue gateway, and replay attacks that pose important practical threats [36]. Hence, there is a call for future research directions requiring particular attention by developers and organizations to address relevant security threats while implementing LoRa networks. Overall, various survey-based studies highlighting the vulnerabilities in LPWAN communication technologies have identified an urgent need for secure and uninterrupted communication between an end-device and the gateway for secure and effective IoT networks for large-scale IoT deployments. While there is greater potential in the emergence of software-defined network (SDN) architecture for security in IoT, the protocols in SDN are still under development [37,38].

1.
Recent related works have studied the IoT security problem with the main focus of addressing the information leak of different IoT devices in smart environments, such as healthcare medical devices, home/office consumer devices, and educational toy devices [21,39,40]. Other categories of security studies have focused on anomaly detection by monitoring and fingerprinting IoT networks using machine learning techniques, and these solutions are resource-intensive and impractical for large-scale smart environments [41][42][43]. Further, research studies on secure smart environments are very much focused on specific application domains. One study in the literature proposed a security architecture for smart water management systems that relate to the real-world case scenario of this research work [44]. However, it ensures secure booting, secure communications, and secure firmware updates of IoT devices in that specific environment. In addition, it adopts cryptographic hash functions that are complex and resource extensive, making such solutions not practically viable for large-scale IoT deployments. Existing security models are complex for resource-constrained IoT and are not generic enough nor dynamically adaptable for a scalable IoT environment. These gaps in existing literature form the main motivation for this research, which is to propose a simple, interoperable, and adaptive security model for large-scale IoT infrastructure.

2.
The main goal of this research is to propose a lightweight security model using a simple architecture of VPN suitable for a large-scale IoT deployment. We believe this is an important step in the realm of IoT and Industry 4.0 towards realizing the smart cities of the future. While there are several methods to use VPN in IoT as a common engineering practice, performance and latency are inherent issues with VPN for large-scale deployments in real-world environments [5,24]. Another important aspect to consider in the practical world is its increasing cost and complexity associated with scalability. High administrative time and resources required to manage the network infrastructure could have an impact on the practical viability of a security model. A self-managed IoT infrastructure is warranted for successful adoption in large-scale IoT based smart environments. There is a need for an end-to-end practical solution with an easy-to-use remote device management system that is secure and compatible with the distributed and heterogeneous networks of IoT.

3.
IoT devices connected via leading cloud service providers, such as Amazon Web Services (AWS), could be considered as an essential security infrastructure to provide large-scale support for data storage, data processing, and data sharing. However, security challenges posed by each layer of the IoT architecture should be addressed by the cloud service providers to enforce security protocols and privacy standards [45]. The sensor data sent to the edge, fog, and then to the cloud require a network protocol with trusted measures, such as point-to-point encryption, and security certificates. Further, such systems require a paid account with a cloud service provider to have full access to the security certificates, encryption keys, and other resources for achieving cloud-based authorization and authentication mechanisms. A recently proposed model consisting of AWS cloud as master cloud, Raspberry Pi 4 as Edge Node, and Virtual Machines as IoT devices was implemented with an AWS paid account as a proof-of-concept [46]. However, the authors also suggest future studies to be performed on cryptographic security methods that are much more capable of operating on resource-constrained IoT devices (Light Weight Crypto). Further, a replay attack is a major threat towards the cloud infrastructure that raises privacy and security concerns for cloud service adoption for IoT networks [47]. Another recent work proposes a two-factor authentication for IoT security that could restrict unauthorized access to sensitive data communicated by sensors and nodes in an IoT network [48]. Our approach is more suitable for large-scale secure IoT deployments that require an IoT security model to support a simple, extremely low-cost, and self-managed IoT infrastructure.

4.
Overall, the main contributions are three-fold: (i) The proposed unique and simple end-to-end IoT security model low-cost leverages off-the-shelf technologies for implementing a large-scale IoT infrastructure, (ii) the practically viable solution has the advantages of an adaptive, interoperable and secure IoT deployment for any smart environment, and (iii) the implementation of our IoT security model within a smart water monitoring system demonstrates its application to any real-world case scenario. The novelty of the proposed solution is in the unique method of integrating the security protocol, such as VPN with the IoT devices, and the controller as one embedded device to establish secure connectivity without having to invest on high-cost proprietary solutions. Our solution also integrates various technologies to provide secure VPN client access to manage, monitor, and control IoT devices in a large-scale smart environment with a user-friendly mobile data analytics capability. This study could instill academic and practical interest in this dynamically challenging IoT security domain with provisions for future research in studying the solution implementation in various large-scale smart environments.

Research Design
In this work, a pragmatic research approach is adopted to explore the security requirements for connecting IoT devices to each other and the internet in addressing the research problem of a scalable IoT security model for any large IoT infrastructure of today. The research design is adopted with the aim to propose a simple, cost-effective end-to-end security model for deploying a scalable and secure smart IoT environment. This section presents the research design, including the epistemological foundation and the rationale in selecting the research methodology for developing a practical security model for a large IoT infrastructure.
In a pragmatic research approach, the focus is more on researching the problem and applying a workable research framework to develop knowledge in finding a solution to the problem [49]. With such a pragmatic lens of "what works", we utilize a qualitative research approach to understand and solve the research problem without touching on any aspect of quantitative research philosophy [50]. This research study aims at developing a security model for cost-effective deployment of a smart IoT environment to seamlessly connect, control, and managing several low-cost IoT devices via the internet. Hence, an interpretive epistemological approach of qualitative research methodology would be applied for achieving this objective as it is suitable for an exploration of the typical security requirements that are warranted within the IoT context of a real-world smart environment [51,52]. We adopt a case study methodology within our workable qualitative research design that aligns well with our research aim. The basic guidelines from the literature [53,54], as summarized below, are adopted to ensure the quality of our research framework: Research philosophical consideration-we consider an interpretive epistemology as the choice of the research philosophical paradigm [55][56][57]. We identify the IoT security viewpoints based on literature by identifying the inherent vulnerabilities in each of the four basic layers of the IoT architecture (presented in Section 4). These viewpoints serve as theoretical and practical knowledge forming the basis for proposing an effective solution for the research problem.
inquiry technique consideration-we adopt an inquiry technique that is qualitative in nature employing descriptive data that is interpretive in nature [58]. We propose a practically viable end-to-end lightweight security model through developing network security reference architectures, which is typically design-oriented research that aims at solving the IoT security problem (presented in Section 5). Similar to other IoT related qualitative studies reported in the literature [59,60], we describe the proposed IoT security model with an interpretive approach and establish the credibility, conformability, transferability, and dependability of the solution through practical solution deployment. (c) research logic consideration-we adopt an abduction logic to infer the application of the proposed secure IoT infrastructure within a single case setting using well-established guidelines [61]. For illustrating a practical use of the proposed secure IoT infrastructure, we include a working prototype in a real-world smart environment. Data analytics and visualization of the data collected via a secure and smart water monitoring system is demonstrated for the research logic consideration in the case scenario (presented in Section 6).

5.
Overall, the research contribution is the development of an adaptive end-to-end security model for large-scale IoT infrastructure with essential features of simplicity and scalability. Further, in this study, the pilot deployment of our IoT security model in a real-world case scenario of a smart water monitoring system serves as a starting point for "model testing" within our deductive research journey. In future research, the IoT security model will be applied to other smart environments as part of an inductive research study. Such an approach of our research design would facilitate to iteratively finetune and evolve with a generalized end-to-end security model that would become applicable for any large-scale IoT deployment.

Security Requirements of IoT Architecture
A typical IoT ecosystem consists of sensors, actuators, a processing unit with firmware that operates with constrained resources, and wireless communication infrastructure to receive the sensed data and send them to any location via the IoT gateway and the internet [60,62]. IoT devices are embedded into larger real-world applications that are emerging towards establishing a smart environment with a paramount emphasis on precision and intelligence [63,64]. Innovative IoT applications are being witnessed in healthcare systems, weather forecasting, agriculture monitoring, traffic management, and in many more domains for realizing smart homes and smart cities of the future [21,39,65]. However, in such a heterogeneous operating environment, the IoT network with constrained resources is faced with significant security and privacy challenges. IoT devices with highly primitive security features are susceptible to attacks as they become entry points to infiltrate into critical infrastructures via the connected networks [38,41]. There is an escalation of new IoT threats and security risks, due to the inherent vulnerabilities in each of the four basic layers of the IoT architecture: In this section, we identify the potential risks and the key security requirements in each IoT layer from reported studies to form the key security requirements for our research problem [29,42,66,67]. We summaries our findings of IoT vulnerabilities and security risks in each layer of IoT architecture below.

(a) Device or Perception Layer
The Device or Perception Layer works with two of the IoT components [68,69]: (i) sensors that sense data pertaining to human and environment parameters, such as temperature, humidity, motion, location, etc.; (ii) actuators that control the physical device, such as air conditioner, vehicle transport, irrigation pump, pacemaker, etc.
This layer not only assists in identifying various device sensors and actuators, but also monitors them and takes necessary action for further data processing and data routing to the Network Layer. The low-cost and low-speed wireless personal area network (WPAN) protocol of this layer requires communication via IoT gateway to transmit enormous amounts of sensed data to the cloud storage. Attacks are possible to jam the communication between the device and IoT gateway (jamming attacks) by exploiting the frequency used in WPAN. An adversary having access to the device could tamper the device, including the firmware, by injecting malicious code. Such code injection attacks could physically damage a specific device or even compromise the entire IoT communication network [41,70]. There is a need for core security functionality, such as: (i) Authentication-verifies the provenance of IoT devices, (ii) Authorization-allows only valid users to access the device and services, (iii) Integrity-ensures unauthorized users do not modify the device firmware or data, and (iv) Confidentiality-enforces privacy in locating the IoT device and the data transmitted via the network. The Network or Transmission Layer manages the device communication in the IoT infrastructure using the nodes, gateways, and the firmware [71]. Device data could be transferred using wired or wireless transmission technologies, such as 6LowPan, Bluetooth, or Zigbee [72]. Due to the limited processing and power energy resources of IoT devices and Wireless Sensor Nodes (WSN), an adversary gaining access to the nodes/gateways could launch MITM attacks, spoofing, and distributed denial of service (DDoS) attacks [73][74][75]. User and device credentials could be stolen resulting in physically compromised nodes/gateways while the device is in sleep mode. This could further lead to code injection, where attackers could take control of the IoT network infrastructure and even the entire network domain. Practical security solutions are required to cater to the heterogeneity of IoT network infrastructure and to support lightweight features using edge-intelligence and decentralized management.

(c) Middleware or Service Layer
The layer that bridges between the Network Layer and the Application Layer is the Middleware or Service Layer. This layer is responsible for processing the data for each vendor-specific service of various IoT devices. It deals with the pre-processing of IoT data for different third-party applications. It makes use of machine learning and intelligent data mining, for facilitating automatic actions with real-time response requirements in critical environments, such as traffic or health care systems [62,63]. Hence, further data processing required in the Application Layer depends on the security and trust of the Middleware Layer for enforcing the integrity of IoT data [23]. The level of security very much depends on third-party application platforms. With the IoT data predominantly stored in the cloud servers, the IoT infrastructure is posed with various malicious attacks and threats. Unauthorized access to open ports of services and other backdoors could be used by malicious attackers to affect the security of the IoT infrastructure. Hence, the IoT security requirements should include good identity management to support the integration of various services across different devices, users, and different platforms, including cloud servers [76]. In addition, the security architecture should support the scalability of the IoT infrastructure to interoperate with new middleware applications and services [77].

(d) Application or Business Layer
The topmost layer of the IoT architecture is the Application or Business Layer, which has the role in processing the transmitted data further using machine learning and other intelligent models to result in smart IoT device actions. Applications in this layer include third-party Apps, websites, portals, and other smart software solutions for various enterprises with different suitable business models. The User Datagram Protocol (UDP) is one of the core IoT protocols. Though web infrastructure is available for IoT devices, internet-specific protocols, such as TCP, come with overheads and are not suitable for most IoT applications [78]. Other lightweight protocols, such as CoAP and MQTT-SN, for sensor networks, are designed to use UDP [79]. IoT supports many more protocols than the web, which are yet to demonstrate reliability and standards. Hence, scripting attacks are possible through application-based control of IoT devices via mobile Apps. Much similar to web application layer vulnerabilities, phishing, and buffer overflow attacks are possible in the IoT infrastructure. In addition, side-channel attacks capitalize on constrained resources of IoT, such as shorter encryption keys and power consumption analysis of IoT devices.
Overall, a set of key security requirements for IoT communication through the various layers of IoT architecture are (i) interoperability for traversing through different domains that support varied security technologies; (ii) simple, lightweight end-to-end security; (iii) highly-flexible security model to cater to various changes in the IoT infrastructure, due to the dynamically joining and leaving of IoT devices, users, services and applications; and (iv) low-cost and practically viable solution for any large-scale IoT deployment.

Proposed Security Model for a Scalable IoT Infrastructure
The security requirement based on the four layers of IoT architecture discussed above highlights that an IoT device needs to support the TCP/IP protocol stack, as well as some environmental support function (a switch, sensor, or actuator). The processing capabilities of resources constrained IoT devices to support such security protocols, including the well-accepted VPN or IPv6, have not been practically viable for a large IoT infrastructure deployment where low-cost is the dominating attribute. Technological developments with devices, such as Raspberry Pi, to support sensor and actuator management at the local level have shown promise in accommodating the required security protocols [80,81]. However, they were originally designed to be more expensive and were not readily viable with end-to-end security requirements for large-scale deployments. More recently, advanced versions of such devices (Raspberry Pi4) along with cloud services for supporting the essential security required in large-scale IoT infrastructure were explored [46,47]. However, privacy threats, security attacks, and risks of multi-tenant cloud platforms form gaps in the literature. In addition, the technological viability of currently available low-cost embedded controllers, such as the Raspberry Pi, form the key motivation for our novelty to propose the integration of a secure protocol at the embedded interface for a scalable IoT security model. The aim is to develop the convergence of more sophisticated networking protocols to be embedded at the IoT monitoring interface by integrating both the IoT devices and the controller as one embedded device that would minimize privacy and security risks.
We propose a security model to off-load the security functions, such as VPN and IPv6, the protocol to an internet-facing device, and cluster the IoT sensory environment behind a firewall using Network Address Translation (NAT) to access the IoT using IPv4. However, there are many VPN-based security solutions reported in the literature as each development model varies with the application environment and is not a simple and straightforward solution [10,11,24]. Recently, even in the IoT context, many different ways of implementing the VPN technology are reported [25,26]. Each research work has been developed with a different real-world context, and our aim is to propose a simple, low-cost, end-to-end IoT security model that can be easily applied to any context of a self-managed scalable IoT infrastructure, such as a smart water monitoring system.
In our proposed IoT security model, we consider OpenVPN as the VPN technology for the integration of the secure protocol at the embedded interface. Here, we describe in detail the development of our security model based on our ongoing research with VPN technology developments and how integrating both the IoT devices and the controller as one embedded device can be achieved. An OpenVPN client running on a Raspberry Pi 4 can be deployed to do the forward internet-facing using IPv6, and the IoT devices sitting behind the firewall can be port forwarded to appear on the internet using NAT and port forwarding. In this way, the IoT devices appear on the internet, but can only be accessible to other devices on the VPN server. An OpenVPN server can also be deployed on a Raspberry Pi, and these issues IPv4 addresses to the VPN clients, behind which numerous IoT devices may reside. The VPN server may reside behind a firewall on another network. However, its IP address is known to the VPN clients. A possible configuration that we have deployed is to have the VPN server behind a firewall, and it is port forwarded via network address translation such that it appears on the network. The internet forward-facing router IP address must be known to the VPN clients. This can be achieved using a static IP address on the network if the ISP allows this or if there is a dynamic IP address to which a label is applied, and this label is registered with a DNS service. The authors used a service from a dynamic DNS (DynDNS) to achieve this. The VPN clients then establish a VPN connection with the Label of the VPN Server. The VPN Server establishes the VPN connection and issues valid IP addresses to the VPN clients. Any devices on the same VPN network can now communicate with each other. Low cost, off the shelf routers which support OpenVPN in both Client and Server modes are readily available, and our deployment was done using ASUS RT-AC66U. This has a VPN configuration interface which can be configured as a Server or a Client. Devices, such as Raspberry Pi, can be attached via the RT-AC66 USB ports or through NAT on the wired LAN ports (4) or the Wi-Fi network.
To achieve an end-to-end security model, we consider a Session Initiation Protocol (SIP) based VoIP adapter at a remote location, and include the VoIP adapter into the "VPN Client-Side Device" on one end with "VPN Server-Side Device" on the other end. Adapting from the OpenVPN standard protocols [82], we establish two connections to the router: (i) To receive the "tunneled" data, and (ii) to send the unencrypted data back onto the local network from the VoIP adapter. Several different IoT devices could be connected on the Client-Side in this manner. In earlier work, the authors provisioned secure VoIP using UDP packet protocols (Patented) [83]. The UDP protocol affords some packet loss and does not provide acknowledgment of packets received. Whilst this is satisfactory for VoIP implementations, the UDP protocol is not well suited to IoT implementations where packet loss may lead to a loss of monitoring and/or control messaging. In this paper, we advance further by using the TCP/IP protocol for deploying a secure IoT infrastructure.
A common practice for enterprises of today is to make use of one of the two deployment models to reduce MITM attacks as given below: (i) On-premise networks isolating their systems to enforce utmost security; (ii) External VPN providers to create secure encrypted tunnels rather than public networks. However, both these deployment approaches exhibit disadvantages of performance, latency, and high complexity and cost with large scale IoT implementation and configuration in real-life. In order to incorporate the security features of a VPN with seamless configuration and deployment, we do not use an external provider for a VPN. Our implementation involves a VPN server behind a firewall, which is port forwarded to a NAT address behind the firewall. By running this as a dynamically assigned IPV6 internet address using DYNDNS servers, it allows the provision of a dynamically assigned IPv6 internet-facing address. This provides a robust security model for remotely configuring, controlling, and self-managing IoT devices over an encrypted end-to-end connection.
In 2008, an irrigation system was developed, which could be operated over the internet with end-to-end security [83]. This was prior to the IoT becoming mainstream. The system involved several ZigBee devices controlled from a central ZigBee master that was connected to a 3G router. Access to the remote system was established using a simple Windows XP remote desktop session via port 3389. However, many security exploits were developed for port 3389, and the system though robust and reliable, was vulnerable to unauthorized access. This system was further extended by Overmars in 2009 [84]. We develop the concept further by keeping in mind the security requirements essential in the recent IoT landscape towards the realization of smart homes and cities.
The vulnerabilities of IoT devices are because they are generally small microcontrollers that are not able to run the full TCP/IP protocol stack. Moreover, since the current and future IoT infrastructure is likely to have billions of devices, the media access control (MAC) layer will be required to implement TCP/IP v6 addresses. This additional processor burden is generally well beyond the capacity of most 8-bit or 16-bit processors of IoT devices. The architecture outlined in [85] proposed that the security and the TCP/IP protocol stack should be off-loaded to a mobile router with a 3G data interface and that all the peripheral devices, now known as IoT devices, are required to be network address translation (NAT) via a TCP/IP v4 address range or via a Bluetooth connection. These network stacks could be optimized to provide the very minimum of interface processing. This would allow more central processing unit (CPU) capability for the device's environment monitoring and system control, and thereby reduce the overall system cost.
The deployment of our proposed model allows the OpenVPN clients to be either fixed or mobile, while the OpenVPN server is fixed in one location and can be provisioned with an uninterruptible power supply. OpenVPN clients can support 252 IoT hubs limited by the NAT protocol. Each of these hubs supports a single IoT device mapped on each of the I/O ports. According to RFC 793, the port range is 0-65,535. A registered port is one assigned by the internet corporation for assigned names and numbers (ICANN) to a certain use. Each registered port is in the range 1024-49,151. Therefore, about 48,000 IoT devices can be assigned to one IPv4 address. The available IPv4 subnet addresses are assigned to each of the OpenVPN clients (of which there can be up to 252). Further, each of these clients can support up to 48,000 IoT devices. The practical limitations are shown in Table 1. Our proposed model recognizes that the mobile phone platform is well suited in providing the necessary interface hardware (3G, 4G, 5G) adaptively for upstream internet data connection, whilst acting as a local gateway providing NAT to the locally distributed IoT devices. These local devices could then be connected via Wi-Fi or Bluetooth or ZigBee. Further, mobile phones with the OctaCores are now operating with CPU speeds of more than 2GHz and can provide relatively inexpensive "gateways".
With the massive advancements in wireless technologies, mobile phones are now capable of offering secure client sessions to remote servers via VPN or IPSec tunnels, using the always open port 500 on all network routers and switches. Further, these secure upstream client sessions could be simply integrated into the phones' operating system or the customizable solutions that are available via their respective App stores. More recently, configuring the phone to be a downstream hotspot providing Wi-Fi and Bluetooth is also becoming rudimentary and part of both Android and Apple operating systems. The upstream server infrastructure, which provides the IPSec and VPN services, are also off-the-shelf, and many Linux offerings are both secure and open-source. A patented work [86] also showed that open-source routers, such as OpenWRT, could easily be reconfigured as both VPN/IPSec servers or clients and offer a diverse number of IoT device configurations, via Wi-Fi TCP/IPv4 or USB with ZigBee or Bluetooth adaptors. These open-source routers are well suited to a multitude of tasks. Performing patching and updates in device drivers for many I/O devices is nowadays automatic. Further, we adapted the secure IoT model to remote farm locations with applications in solar power/water distribution, as well as to mobile vehicular environments.
In this research, we visualize our proposed a scalable IoT security model deployable on-farm infrastructure for a water tank monitoring system, as shown in Figure 1. The on-farm IoT Raspberry Pi device manages both the environment (the water tank) and creates the VPN tunnel to the VPN server with the integrated VPN client. The Raspberry Pi also has a Wi-Fi link that connects directly to the Access Point (AP). The AP then connects to the internet. The VPN tunnel created by the Raspberry Pi, bypasses the AP through port 500 (always open) and connects directly to the VPN server, which exists in a remote location.
infrastructure for a water tank monitoring system, as shown in Figure 1. The on-farm IoT Raspberry Pi device manages both the environment (the water tank) and creates the VPN tunnel to the VPN server with the integrated VPN client. The Raspberry Pi also has a Wi-Fi link that connects directly to the Access Point (AP). The AP then connects to the internet. The VPN tunnel created by the Raspberry Pi, bypasses the AP through port 500 (always open) and connects directly to the VPN server, which exists in a remote location. We walk-through how our proposed solution establishes end-to-end secure connectivity among all the entities, such as mobile App, VPN client, VPN server, AP, gateway, and IoT devices, using Raspberry Pi, as follows. Remote access to the Raspberry Pi is achieved securely through an App running on a mobile phone. This is achieved by the mobile device first establishing a secure connection to the VPN server using a VPN client on the mobile device. Once a VPN secure connection is established between the VPN server, and the VPN client on the mobile device, the VPN server issues an IP address to the mobile phone as if it was on the same subnet as the Raspberry Pi. The application on the mobile phone can now access the IoT with the end-to-end security established for monitoring and controlling the application running on the Raspberry Pi. Both the Raspberry Pi and the mobile device are now connected on the same subnet via the VPN server, and the VPN server is the gateway controller issuing NAT addresses to both the Raspberry Pi and the mobile device. The VPN server appears as 192.168.  We walk-through how our proposed solution establishes end-to-end secure connectivity among all the entities, such as mobile App, VPN client, VPN server, AP, gateway, and IoT devices, using Raspberry Pi, as follows. Remote access to the Raspberry Pi is achieved securely through an App running on a mobile phone. This is achieved by the mobile device first establishing a secure connection to the VPN server using a VPN client on the mobile device. Once a VPN secure connection is established between the VPN server, and the VPN client on the mobile device, the VPN server issues an IP address to the mobile phone as if it was on the same subnet as the Raspberry Pi. The application on the mobile phone can now access the IoT with the end-to-end security established for monitoring and controlling the application running on the Raspberry Pi. Both the Raspberry Pi and the mobile device are now connected on the same subnet via the VPN server, and the VPN server is the gateway controller issuing NAT addresses to both the Raspberry Pi and the mobile device. The VPN server appears as 192.168.1.1, and the Raspberry Pi and the mobile device appear as 192.168.1.2 and 192.168.1.3, respectively.
In summary, our proposed model is a low-cost end-to-end secure deployment for any large IoT infrastructure. The main contribution is our unique deployment approach to consider scalability and easy-to-use implementation as key factors for its practical viability. In our solution, ASUS routers are configured as VPN servers and clients to establish a VPN network. On the other hand, other state-of-the-art solutions are implemented through higher cost VPN servers, such as CISCO, devices. Further, the advantage of our cost-effective deployment model is that our implementation in the large-scale real-world applications can use low-cost devices, such as Raspberry Pi 4 devices, which allow for VPN servers and clients using OpenVPN running in a Linux Kernel. The integration of OpenVPN with the environmental controller allows for IoT devices to offer VPN client access, as well as to deploy their environmental control functionalities. The OpenVPN Server provides the downstream security by provisioning OpenVPN clients with an internal IP address, which then provides distributed IoT devices with a secure method of interconnection between each other over a virtually secure private network in accordance with the VPN standard. Each client can then communicate with each of the other clients on the network. Each client router supports several IoT devices as peripheral devices on each of the client's subnets. In this way, IoT devices pertaining to a client's subnet can be interrogated and/or manipulated in their respective control environments.
Next, we describe the implementation of our proposed IoT security model in real-world applications with a case scenario as an illustration.

IoT Security Model Deployment-A Case Scenario of Smart Water Monitoring System
In this section, we describe a case scenario as an illustration for deploying a secure IoT infrastructure using our proposed model to monitor and control remote water tanks in a smart "on-farm" environment. We consider a farm that harnesses rainwater in addition to regular town water supply for the case study. Since the level of water in each tank can change dynamically based on the amount of rainfall, monitoring the level of water for efficient use and distribution in the farm. Depleted tank levels occur when the utilization rate exceeds the resupply. Alternatives to town water or scheduled trucked in water could be better managed with rainfall measurement and prediction. Remote monitoring of these resources using the level measurement of each tank via a user-friendly mobile device, facilitates decisions for an optimal and economic rainwater /town water resource balance.
We developed a prototype water tank with a water level monitoring device using a simple conduction sensor, as shown in Figure 2. We applied our proposed IoT security model to the case scenario to implement smart water monitoring and management with end-to-end security. For our proof-of-concept pilot implementation, two tanks were monitored, a household greywater system (2000 L), and an on-farm tank in another location (45,000 L). These were fitted with ultrasonic sensors, valve solenoids, and pressurizing pumps. Figure 3 shows an illustration of the deployment of our end-to-end security model using OpenVPN with one of the water tanks. The levels of the individual tanks can then be checked remotely, and refilling can be automated based on parameters, such as time of day, low-level minimum values, or by remote manual intervention. An ultrasonic tank level sensor with a Sentryrobotic Wi-Fi transmitter is adopted for this case scenario based on the SMART water tank monitor system [87] and the pi-tank-watcher [88].      Table 1 provides a typical set of IP address configuration using our proposed end-to-end IoT security model accommodating up to 10 VPN servers and 250 water tanks per server, facilitating a scalable and larger deployment of a total of 2500 water tanks. This implementation is deployable on a per farm basis. It is not intended to be for a city-based water board, though it may be sufficient for a small municipality.   Table 1 provides a typical set of IP address configuration using our proposed end-to-end IoT security model accommodating up to 10 VPN servers and 250 water tanks per server, facilitating a scalable and larger deployment of a total of 2500 water tanks. This implementation is deployable on a per farm basis. It is not intended to be for a city-based water board, though it may be sufficient for a small municipality.

Implementation of Our Proposed IoT Security Model
Our proposed IoT security model ensures that the security measures are first enforced with OpenVPN optimization, and tuning before deploying the IoT enabled devices for the smart water monitoring system. We provide details on how the OpenVPN connecting the IoT enabled nodes establishing the end-to-end security protocols are implemented. Figure 4 demonstrates the authenticated OpenVPN connection established using a simple user-interface. The Open VPN server creates the OVPN script, a script file with extension .ovpn, which is shared securely with the OpenVPN clients. This is used by the clients to establish a secure connection to the server. Figure 5 provides an illustration of running the OVPN script for generating Rivest-Shamir-Adleman (RSA) keys, and Figure 6 shows the creation of a VPN certificate using SSL security protocol successfully. Once a secure connection is established, the server issues a Dynamic IP address using Network Address Translation (NAT) protocols. Once a NAT address has been issued to the client, the client is free to communicate with all other clients in the VPN network. Currently, there are two types of clients in the VPN network. One has the IoT devices associated with it in an integrated Raspberry Pi acting as a discrete element. The other device is the remote monitor, which is implemented on a mobile phone. Further, we adopt the authentication method for the nodes with the admin having read and write access, while other users are limited to read access only.
Address Translation (NAT) protocols. Once a NAT address has been issued to the client, the client is free to communicate with all other clients in the VPN network. Currently, there are two types of clients in the VPN network. One has the IoT devices associated with it in an integrated Raspberry Pi acting as a discrete element. The other device is the remote monitor, which is implemented on a mobile phone. Further, we adopt the authentication method for the nodes with the admin having read and write access, while other users are limited to read access only.   Address Translation (NAT) protocols. Once a NAT address has been issued to the client, the client is free to communicate with all other clients in the VPN network. Currently, there are two types of clients in the VPN network. One has the IoT devices associated with it in an integrated Raspberry Pi acting as a discrete element. The other device is the remote monitor, which is implemented on a mobile phone. Further, we adopt the authentication method for the nodes with the admin having read and write access, while other users are limited to read access only.   For our smart water monitoring system case scenario, the water level in each tank is measured periodically based on the water depth reading of the sensor, and its rate of outflow determines the valve opening rate. The pressure of the mains is likely to vary, and the rate of filling versus the rate of outflow determines the valve is opening duration. The controller makes the decision of how long the valve should be kept open based upon the rate of refilling. The tank sensing and filling are on one sub-system, and the decision control is separate. These sub-systems are on different networks. The decision control and monitoring are performed using a mobile app. A secure connection using our proposed security model is established among the IoT devices, such as the tank sensor, tank valve, and the controller. Figure 7 shows a prototype of Raspberry Pi and the water sensor connected with a breadboard for our pilot implementation and testing. For our smart water monitoring system case scenario, the water level in each tank is measured periodically based on the water depth reading of the sensor, and its rate of outflow determines the valve opening rate. The pressure of the mains is likely to vary, and the rate of filling versus the rate of outflow determines the valve is opening duration. The controller makes the decision of how long the valve should be kept open based upon the rate of refilling. The tank sensing and filling are on one sub-system, and the decision control is separate. These sub-systems are on different networks. The decision control and monitoring are performed using a mobile app. A secure connection using our proposed security model is established among the IoT devices, such as the tank sensor, tank valve, and the controller. Figure 7 shows a prototype of Raspberry Pi and the water sensor connected with a breadboard for our pilot implementation and testing. the valve should be kept open based upon the rate of refilling. The tank sensing and filling are on one sub-system, and the decision control is separate. These sub-systems are on different networks. The decision control and monitoring are performed using a mobile app. A secure connection using our proposed security model is established among the IoT devices, such as the tank sensor, tank valve, and the controller. Figure 7 shows a prototype of Raspberry Pi and the water sensor connected with a breadboard for our pilot implementation and testing. A process flow diagram for the operation of water sensors and valves is given in Figure 8. The "Calculate Percentage" node calculates the percentage of water level based on the data from the water sensor, and the result is transferred to the "Water Level" dashboard node to display the output on the mobile app dashboard for the monitor and control of water level remotely. An illustration of the output is shown in the dashboard is given in Figure 9. To perform an auto refill of water with "Valve l", a rule is set, such as "if the water level is less than 15% of tank capacity, turn ON the valve; if the water level is greater than 80%, turn OFF the valve". Valve 1 is then connected to a valve switch control "Water In" node that triggers the action accordingly with the status, "Statute" which is set to communicate "Water is refilling" if Valve 1 is ON, or "Water is ready to use" if Valve 1 is OFF. A process flow diagram for the operation of water sensors and valves is given in Figure 8. The "Calculate Percentage" node calculates the percentage of water level based on the data from the water sensor, and the result is transferred to the "Water Level" dashboard node to display the output on the mobile app dashboard for the monitor and control of water level remotely. An illustration of the output is shown in the dashboard is given in Figure 9. To perform an auto refill of water with "Valve l", a rule is set, such as "if the water level is less than 15% of tank capacity, turn ON the valve; if the water level is greater than 80%, turn OFF the valve". Valve 1 is then connected to a valve switch control "Water In" node that triggers the action accordingly with the status, "Statute" which is set to communicate "Water is refilling" if Valve 1 is ON, or "Water is ready to use" if Valve 1 is OFF.    Further, as shown in Figure 10, dashboards for Raspberry Pi mobile devices are designed to monitor resource overheads and utilization, such as memory and CPU load, including the CPU temperature. We considered the design of such a dashboard for future power consumption minimization and optimization as it is intended that these devices would eventually be running from solar power resources. To illustrate the monitoring of water level trends over a longer time interval, we provide from publicly available resources [87,88], the outputs of data analytics using software tools in Figure 11. Such graphical trends would provide data insights for making an informed decision for remotely operating the water tank sensors with a user-friendly mobile App. In addition, using a cross-reference against weather data, many predictive models could be employed to make decisions on the usage of water. For instance, when the water level drops, adjustments to water consumption could be programmed to water the farm appropriately. Similarly, data from weather forecasts and rain patterns could be correlated with the water tank data. For instance, the correlation Further, as shown in Figure 10, dashboards for Raspberry Pi mobile devices are designed to monitor resource overheads and utilization, such as memory and CPU load, including the CPU temperature. We considered the design of such a dashboard for future power consumption minimization and optimization as it is intended that these devices would eventually be running from solar power resources. To illustrate the monitoring of water level trends over a longer time interval, we provide from publicly available resources [87,88], the outputs of data analytics using software tools in Figure 11. Such graphical trends would provide data insights for making an informed decision for remotely operating the water tank sensors with a user-friendly mobile App. In addition, using a cross-reference against weather data, many predictive models could be employed to make decisions on the usage of water. For instance, when the water level drops, adjustments to water consumption could be programmed to water the farm appropriately. Similarly, data from weather forecasts and rain patterns could be correlated with the water tank data. For instance, the correlation between the water tank level and the weather condition could be determined. With such data analytics, more informed and intelligent decisions could be made for both water storage and water usage. Various trends on water inflow and outflow of rainwater and town water tanks could provide useful data insights to identify correlations among the control parameters. between the water tank level and the weather condition could be determined. With such data analytics, more informed and intelligent decisions could be made for both water storage and water usage. Various trends on water inflow and outflow of rainwater and town water tanks could provide useful data insights to identify correlations among the control parameters.  Our case scenario using a smart water monitoring system mainly illustrates the application of our proposed security model for a scalable IoT deployment as a case study. Any security breach resulting in MITM attacks in such a scenario can affect the integrity of the water readings of the tanks. The attacker could misuse the automated controls leading to disastrous outcomes for the farm. The focus of this paper is not towards addressing the limitations of the VPN protocol, but mainly on the proposal of a novel method to integrate a secure protocol at the embedded controllers, such as Raspberry Pi devices. For this case scenario, we have implemented our proposed IoT security model using VPN as an illustration. Our model is highly flexible and scalable than any security protocol  between the water tank level and the weather condition could be determined. With such data analytics, more informed and intelligent decisions could be made for both water storage and water usage. Various trends on water inflow and outflow of rainwater and town water tanks could provide useful data insights to identify correlations among the control parameters.  Our case scenario using a smart water monitoring system mainly illustrates the application of our proposed security model for a scalable IoT deployment as a case study. Any security breach resulting in MITM attacks in such a scenario can affect the integrity of the water readings of the tanks. The attacker could misuse the automated controls leading to disastrous outcomes for the farm. The focus of this paper is not towards addressing the limitations of the VPN protocol, but mainly on the proposal of a novel method to integrate a secure protocol at the embedded controllers, such as Raspberry Pi devices. For this case scenario, we have implemented our proposed IoT security model using VPN as an illustration. Our model is highly flexible and scalable than any security protocol Our case scenario using a smart water monitoring system mainly illustrates the application of our proposed security model for a scalable IoT deployment as a case study. Any security breach resulting in MITM attacks in such a scenario can affect the integrity of the water readings of the tanks. The attacker could misuse the automated controls leading to disastrous outcomes for the farm. The focus of this paper is not towards addressing the limitations of the VPN protocol, but mainly on the proposal of a novel method to integrate a secure protocol at the embedded controllers, such as Raspberry Pi devices. For this case scenario, we have implemented our proposed IoT security model using VPN as an illustration. Our model is highly flexible and scalable than any security protocol could be applied in the future. Thus, in this paper, we establish the value cocreation process using a smart water tank monitoring case scenario to illustrate the practical application of our proposed IoT security model. Further, our proposed practical and self-managed IoT security model paves the way for future empirical studies for large-scale secure IoT deployments in various other smart environments

Discussion and Current Trends
In the real-world, an industrial smart IoT deployment solution requires high levels of scalability to support a large number of heterogeneous entities within a dynamically changing IoT ecosystem. In addition, due to their information exchange among different multiple systems and technologies, current IoT technologies most often use mediators or translators via the cloud that are posing more security and privacy risks. A security breach in a smart IoT environment can result in damage to the information assets, people, and infrastructure-leading to huge financial loss [6,7,20].
Recently, LPWAN poses to be the fast-growing communication technology for IoT, as discussed in Section 2. There are several competing standards and vendors, such as LoRaWAN, NB-IoT, and Sigfox, which allow thousands or millions of sensors to be integrated into an application [26,88]. For instance, DASH7 is a low latency, bi-directional firmware standard that operates over multiple LPWAN radio technologies, including LoRa (Long Range), a proprietary, chirp spread spectrum (CSS) radio modulation technology. Ultra-Narrowband (UNB) is a modulation technology used for LPWAN by various companies, including Sigfox, for specific situations. These are some of the many competing proprietary standards and are not interoperable with all types of IoT devices that are being manufactured every day. Furthermore, recent surveys and research studies comparing such LPWAN technologies have reported various security infiltrations and vulnerabilities [34][35][36]. An IoT irrigation system was implemented on the 3G network more than a decade back, forming a patent [84]. The 3G IoT irrigation network implemented in the mid-2000s was not secure with the introduction of new malicious network attacks. Recent work considers NB-IoT to be the standard for large-scale IoT deployments [31]. However, as discussed in Section 2, there are security and privacy risks in adopting LPWAN, as well as cloud platforms, particularly for large-scale IoT deployments, such as the smart water monitoring system considered in this study [33,36,45,47]. Our emphasis is on the provision of a low-cost and secure IoT infrastructure that can be self-managed with the least cost, overheads, and complexity. This paper has demonstrated how a secure IoT network can be implemented using standard VPN protocols over TCP/IP with existing APNs to establish VPN tunnels to VPN servers. Through this method of having the VPN server to authenticate access over the standard infrastructure networks, we can even have an 3G/4G access via mobile phones to be enabled. Hence, recent research focus has shifted in catering to interoperability and scalability of low-cost security solutions for IoT deployments. Using a low-cost router (or Raspberry Pi) to run OpenVPN, we established secure communications among a cluster of IoT devices for a real-time water monitoring system. In this research, we have adopted a proof-of-concept approach, which is quite complementary to existing related studies [24,25,80,81]. Each existing research work has been developed with a different application context, and our paper is the first of its kind to propose a simple, low-cost end-to-end security model configured to the unique context of a scalable smart water monitoring system using IoT infrastructure. In our distinguishing solution, we have addressed the high overheads, and complex configurations of OpenVPN reported in these existing works.
In summary, many IoT network solutions exist-however, many of them are proprietary. It is not the intention of this paper to compare the merits of the many standards and proprietary IoT technologies, but rather to provide a demonstration of what can be done with open-source platforms. Our aim in the proposed solution was to cater to scalability, security, and interoperability for a large-scale IoT deployment. In our solution applied to a large-scale water monitoring system, we used TCP/IP access points available on-site and created VPN tunnels to a remote VPN Server via the on-board VPN Client. These are standards that are well known, and many open-source libraries exist that allow for easy, transparent, and non-proprietary implementations in any operating system, including Linux. Overall, this paper has proposed a unique solution specific to IoT and demonstrates how this is implemented as a convergence of IoT devices, VPN client/server security, and mobile phone apps to configure, monitor, and control an IoT environment in a secure manner. Little work is available that takes advantage of these three readily available technologies in proposing a practically novel approach to address the main security concerns in a large-scale IoT environment. We strongly believe that our proposed IoT security model and its unique implementation in a large IoT infrastructure, such as a smart water monitoring system, would be of practical and academic value for a secure IoT deployment in the present and future smart environments.

Conclusions and Future Work
Despite the rapid advancement of IoT technologies, security and privacy threats continue to hamper the benefits of IoT based smart environments ranging from domestic to industrial deployments. Current IoT technologies and device vendors lack insights into the requirement of scalability, interoperability, and end-to-end security of dynamically changing large IoT environments.
Firstly, this paper uncovered the vulnerabilities in the IoT architecture by identifying the security attacks possible in each of the four layers, namely, Device or Perception Layer, Network or Transmission Layer, Middleware or Service Layer, and Application or Business Layer. We identified the security requirements of IoT architecture by differentiating the unique characteristics of IoT networks as compared to internet networks. Secondly, with the aim of meeting the baseline IoT security requirements for smart environments of the future, we proposed a simple, adaptive, and scalable end-to-end security model for a large IoT infrastructure. Our model with low-cost advanced Raspberry Pi controllers provisioned for the convergence of more sophisticated networking protocols embedded at the IoT monitoring interface. We employed a unique configuration of VPN servers and clients with Raspberry Pi as the IoT gateway to establish a low-cost VPN to connect several IoT devices securely. Thirdly, a pilot implementation of the proposed security model for a large IoT infrastructure, was successfully demonstrated with a prototype as a case scenario. We illustrated the seamless integration of a secure IoT infrastructure connecting various sensors of a water tank system to remotely control and monitor the smart environment via user-friendly mobile Apps. We provided the implementation details with sample use case visual illustrations to gain IoT data insights based on water level readings, water usage, and other data analytics.
This paper provided the conceptual prototype design and implementation of our proposed model, and for future work, it would be beneficial to assess and validate the model effectiveness with security metrics and simulated malicious attacks from different access points of the IoT network. Future research would also involve studying large-scale secure IoT deployment in other real-world case scenarios.