IOT Communication Protocols

Today we are going to discuss the types of communication protocols used in IoT devices and their security aspects.

What is the Internet of Things?

The Internet of Things is any device that is connected to the internet and shares or receives data, directly or indirectly.

Internet of Things communication protocols


The term Internet of Things (IoT) refers to communication offered by Internet protocols (Internet Architecture Board (IAB), RFC 7452). Many of the devices, often called smart objects, are operated by humans, exist as components in buildings or vehicles, or are spread out in the environment. Following the theme “Everything that can be connected will be connected”, engineers and researchers designing smart object networks need to decide how to achieve this in practice.

Communication types

  • Device-to-Device Communications
  • Device-to-Cloud Communications

 

Device-to-Device Communications:

The device-to-device communication model represents two or more devices that connect and communicate directly with one another, rather than through an intermediary application server. These devices communicate over many types of networks, including IP networks or the Internet. Often, however, these devices use protocols like Bluetooth, Z-Wave, or ZigBee to establish direct device-to-device communications.

 

D2D Communication Protocols 

The chart below gives details about the protocols:

| Wireless Transmission | NFC | UWB | ZigBee | Z-Wave | Bluetooth | Wi-Fi Direct | LTE |
|---|---|---|---|---|---|---|---|
| Transmission Distance | 0.2m | 10m | 10m | 30m | 100m | 200m | 500m |
| Data rate | 424 kb/s | 480 Mb/s | 250 kb/s | 9.6/40 kb/s | 24 Mb/s | 250 Mb/s | 13.5 Mb/s |
| Modulation | ASK | PPM/OOK/PAM/PWM | QPSK | GFSK | GFSK/DQPSK | QPSK/OFDM | SC-FDMA |
| Discovery | Radio-frequency identification | Manual pairing | ID broadcast or coordinator assistant | ID broadcast or coordinator assistant | Manual pairing | ID broadcast and embed soft access point | Service broadcast |
| Application | Contactless payment systems | Location and tracking systems, auto radar | Home automation, smart grid and remote control | Home automation, security | Object exchange, peripherals connection | Content sharing, group gaming | Content sharing, local advertising |

Attack Surfaces on Device to Device Communication:

  • Credential theft from the firmware
  • Sensitive information disclosure
  • No proper firmware update mechanism, which may lead to RCE attacks, etc.
  • DoS attacks
  • Buffer overflow attacks

Best Practices for securing Device to Device Communication:

  • Don’t use hardcoded passwords and/or IP addresses. Instead, enable and enforce the changing of default credentials
  • Evaluate hardware components, firmware, software, communications protocols and compatible conduits.
  • Sign your firmware and software, and hash your binaries.
  • Follow the OWASP security measures when developing the device.
  • Implement machine-to-machine authentication securely.
  • Get feedback from clients to improve the device's security level.
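
One way to meet the machine-to-machine authentication and no-hardcoded-password points above is an HMAC challenge-response with a per-device key. This is an added example, not code from the original post; the names `Verifier`, `respond` and `CHALLENGE_TTL`, and the device id `sensor-01`, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 30  # seconds a challenge stays valid (assumed policy)


def respond(key: bytes, device_id: str, nonce: bytes) -> bytes:
    """Device side: prove possession of the key without ever sending it."""
    return hmac.new(key, device_id.encode() + b"|" + nonce, hashlib.sha256).digest()


class Verifier:
    """Peer side: authenticates devices with per-device provisioned keys."""

    def __init__(self, device_keys: dict):
        self._keys = device_keys   # device_id -> secret set at provisioning
        self._pending = {}         # nonce -> (device_id, issued_at)

    def challenge(self, device_id: str, now: float) -> bytes:
        # Drop expired challenges so the table cannot grow without bound.
        self._pending = {n: e for n, e in self._pending.items()
                         if now - e[1] <= CHALLENGE_TTL}
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (device_id, now)
        return nonce

    def verify(self, device_id: str, nonce: bytes, tag: bytes, now: float) -> bool:
        entry = self._pending.pop(nonce, None)   # single use: a replay finds nothing
        key = self._keys.get(device_id)
        if entry is None or key is None:
            return False
        issued_for, issued_at = entry
        if issued_for != device_id or now - issued_at > CHALLENGE_TTL:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(respond(key, device_id, nonce), tag)


if __name__ == "__main__":
    keys = {"sensor-01": secrets.token_bytes(32)}   # constructed sample key
    peer = Verifier(keys)
    nonce = peer.challenge("sensor-01", now=1000.0)
    tag = respond(keys["sensor-01"], "sensor-01", nonce)
    print("first use:", peer.verify("sensor-01", nonce, tag, now=1005.0))
    print("replay:   ", peer.verify("sensor-01", nonce, tag, now=1006.0))
```

Because each device holds its own randomly generated key, extracting one device's firmware does not yield a credential that works for any other device.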

Device-to-Cloud Communications:

In a device to cloud communication model, the IoT device connects directly to an Internet cloud service like an application service provider to exchange data and control message traffic. This approach frequently takes advantage of existing communications mechanisms like traditional wired Ethernet or Wi-Fi connections to establish a connection between the device and the IP network, which ultimately connects to the cloud service.

 

Device to Cloud protocols 

The chart below gives details about the protocols:

| Protocols | AMQP | MQTT | XMPP | CoAP |
|---|---|---|---|---|
| Transport | TCP/IP | TCP/IP | TCP/IP | UDP/IP |
| Message pattern | Publish-Subscribe | Publish-Subscribe | Point-Point; Publish-Subscribe by extension | Request-Response |
| Security | TLS, SASL | SSL, Best Practices | TLS/SSL, XEP-0198 | DTLS |

Attack Surfaces on Device to Cloud Communication:

  • SQL injection, cross-site scripting and cross-site request forgery attacks on cloud application interfaces
  • Username and password enumeration attacks
  • MITM attacks
  • Man in the Cloud (MiTC) attacks
  • OWASP Top 10 Cloud

Best Practices for Device to Cloud Security:

  • Make sure all cloud interfaces are reviewed for security vulnerabilities (e.g. API interfaces and cloud-based web interfaces)
  • Make sure cloud-based web interfaces do not have weak passwords
  • Ensure that any cloud-based web interface has an account lockout mechanism
  • Implement two-factor authentication for cloud-based web interfaces
  • Maintain transport encryption
  • Ensure that any cloud-based web interface has been tested for XSS, SQLi and CSRF vulnerabilities.
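
The account lockout practice and the username enumeration attack surface listed above can be handled in one login routine. This is an added example, not code from the original post; `LoginService`, the thresholds and the error text are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 5          # assumed policy
LOCKOUT_SECONDS = 900     # assumed policy
PBKDF2_ROUNDS = 200_000   # assumed work factor; tune for your hardware
GENERIC_ERROR = "Invalid username or password"


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class LoginService:
    def __init__(self):
        self._users = {}      # username -> (salt, password hash)
        self._failures = {}   # username -> (failure count, locked_until)
        # Dummy record: unknown usernames cost the same hashing work and
        # compare against a random value that can never match.
        self._dummy = (secrets.token_bytes(16), secrets.token_bytes(32))

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, hash_password(password, salt))

    def login(self, username: str, password: str, now: float):
        count, locked_until = self._failures.get(username, (0, 0.0))
        salt, stored = self._users.get(username, self._dummy)
        match = hmac.compare_digest(hash_password(password, salt), stored)
        if now < locked_until:
            return False, GENERIC_ERROR   # locked: even a correct password fails
        if match and username in self._users:
            self._failures.pop(username, None)
            return True, "OK"
        # Failures are counted for unknown names too, so lockout behaviour
        # does not reveal which accounts exist.
        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self._failures[username] = (count, locked_until)
        return False, GENERIC_ERROR


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse battery staple")   # constructed sample
    print(svc.login("alice", "wrong", now=0.0))
    print(svc.login("nobody", "wrong", now=0.0))
```

Both calls in the demo return the same tuple, so a client cannot tell an unknown username from a wrong password.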

 


 

Veerababu Penugonda is an information security enthusiast working as an information security consultant @ ISECURION, interested in IoT security and network security.
