Print Module
© 2017 University of Derby Online Learning
Unit 4 End User Participation in IOT
After studying this unit, you will have an understanding of:
Different approaches for the end users to participate in the growth of IoT.
User participation models like User-cantered Design, Open Source Development, End-user Programming,
Crowdsourcing, and Living Labs.
Innovations to users via toolkits.
Hardware-based toolkits and examples.
Software-based toolkits and examples.
The unit should take approximately 20 hours over one week to study.
There are a number of end-user programming tools available today but this idea is relatively new in the field of
Internet of Things. Some examples of this approach are d.tools and Pachube. In addition to these tools, there are
some other platforms for such applications that include Web2.0, Mash-ups, Twitter and Facebook. Hardware
concepts and solutions are another level of development support. Some examples of hardware support include
Arduino, barcodes, Violet, etc. Systems can be transformed and their effectiveness can be multiplied by
appropriate user programmability. The tools designed for end-user programming empower them and allows them
to participate in the domain of Internet of Things.
The scientists and manufacturers face big challenges while developing and designing new solutions, even if they
are for simple, everyday objects. (Kramer et al. 2000). In general, solutions are based on observations and
usability calculations when a new product is being designed. Once a product reaches the market, the situation
becomes completely different. Designers try to find uses for the tools and deploy the coolest features but they
forget that their primary focus should be in the interest of the end users. This results in confusion and
dissatisfaction of the product usability in the real world environment because of the different types of end users,
usage conditions and scenarios.
This situation can be overcome by the concept of personalisation. Even if the designer is working on the
personalisation task, he can still make the classic error of putting the needs of end users behind the technology.
(Kramer et al. 2000)
These observations led to a new idea that involves the end users into the development process.
User-centred Design
User Centred Design (UCD) is a term that describes a philosophy of design and a variety of methods. UCD places
the needs and wants of the end users in the centre of the stage of the design process. UCD is different from other
approaches because it does not force the users to change their working habits in order to comply. Instead, UCD
tries to optimise the solutions depending on the way the users want to use them. UCD involves the users in
different stages of the design process including:
Gathering functional requirements.
Usability testing.
Direct involvement in development process.
6CC551 The Internet of Things Units 4-6
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
1 of 33 01/08/2018, 15:28
Involving end users in the development process resulted in more safer, effective and efficient products.
Principles and Activities of UCD:
International organization of standardization (ISO) defines an international standard: human-centred design
process (ISO 13407 1999). This standard describes a development life-cycle for involving human-centred
activities.
There are four principles of UCD described in ISO 13407.
Users should be involved actively.
Function to system and to user should be appropriately allocated.
Multi-disciplinary design.
Iteration of design solutions.
ISO 13407 also describes four UCD activities.
Requirements gathering.
Requirements specifications.
Design.
Evaluation.
These activities go through the iteration process to satisfy the objectives.
UCD led to the acceptance of a participatory design (PD) that focused on the participation of end users in the
development process.
Participatory Design (PD):
Participatory applications have different perspectives and areas of concerns. PD is an approach in which people,
for which the systems are designed, play a significant role in designing and also in the decision-making process. It
can also be said that the users co-design the systems.
A lot of differences can arise between the designers and the users because the users cannot always understand
the language of the designers. For this purpose, the innovative tools and techniques were developed that became
the main focus of the PD projects. PD techniques include informal presentations, visualisations, prototypes,
toolkits, etc. These techniques enable the users to participate in the technology design.
Technology has become a part of our everyday lives. This poses a challenge to PD to accept the fact that the
technology cannot be developed in isolated systems any longer. Instead, the community base development has
become the new and emerging trend. This idea produced new techniques in the development processes like
open-source programming, end-user programming, crowdsourcing, living labs, etc.
Activity 4.1: User-centred Design
Read about User-centred Design from the following resource:
IoT User-centre Design – https://www.interaction-design.org/literature/topics/user-centered-design (UCD
2017) and identify benefits of user-centred design in mobile design. You would need to reflect on your findings
in the Discussion Board of Unit 4.
The scientists and manufacturers face big challenges while developing and designing new solutions, even if they
are for simple, everyday objects. (Kramer et al. 2000). In general, solutions are based on observations and
usability calculations when a new product is being designed. Once a product reaches the market, the situation
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
2 of 33 01/08/2018, 15:28
becomes completely different. Designers try to find uses for the tools and deploy the coolest features but they
forget that their primary focus should be in the interest of the end users. This results in confusion and
dissatisfaction of the product usability in the real world environment because of the different types of end users,
usage conditions and scenarios.
This situation can be overcome by the concept of personalisation. Even if the designer is working on the
personalisation task, he can still make the classic error of putting the needs of end users behind the technology.
(Kramer et al. 2000)
These observations led to a new idea that involves the end users into the development process.
User-centred Design
User Centred Design (UCD) is a term that describes a philosophy of design and a variety of methods. UCD places
the needs and wants of the end users in the centre of the stage of the design process. UCD is different from other
approaches because it does not force the users to change their working habits in order to comply. Instead, UCD
tries to optimise the solutions depending on the way the users want to use them. UCD involves the users in
different stages of the design process including:
Gathering functional requirements.
Usability testing.
Direct involvement in development process.
Involving end users in the development process resulted in more safer, effective and efficient products.
Principles and Activities of UCD:
International organization of standardization (ISO) defines an international standard: human-centred design
process (ISO 13407 1999). This standard describes a development life-cycle for involving human-centred
activities.
There are four principles of UCD described in ISO 13407.
Users should be involved actively.
Function to system and to user should be appropriately allocated.
Multi-disciplinary design.
Iteration of design solutions.
ISO 13407 also describes four UCD activities.
Requirements gathering.
Requirements specifications.
Design.
Evaluation.
These activities go through the iteration process to satisfy the objectives.
UCD led to the acceptance of a participatory design (PD) that focused on the participation of end users in the
development process.
Participatory Design (PD):
Participatory applications have different perspectives and areas of concerns. PD is an approach in which people,
for which the systems are designed, play a significant role in designing and also in the decision-making process. It
can also be said that the users co-design the systems.
A lot of differences can arise between the designers and the users because the users cannot always understand
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
3 of 33 01/08/2018, 15:28
the language of the designers. For this purpose, the innovative tools and techniques were developed that became
the main focus of the PD projects. PD techniques include informal presentations, visualisations, prototypes,
toolkits, etc. These techniques enable the users to participate in the technology design.
Technology has become a part of our everyday lives. This poses a challenge to PD to accept the fact that the
technology cannot be developed in isolated systems any longer. Instead, the community base development has
become the new and emerging trend. This idea produced new techniques in the development processes like
open-source programming, end-user programming, crowdsourcing, living labs, etc.
Activity 4.1: User-centred Design
Read about User-centred Design from the following resource:
IoT User-centre Design – https://www.interaction-design.org/literature/topics/user-centered-design (UCD
2017) and identify benefits of user-centred design in mobile design. You would need to reflect on your findings
in the Discussion Board of Unit 4.
Open Source Development
Open-source (OS) development method harnesses the power of distributed peer review and transparency of the
software process. OS promises better quality, high reliability, lower cost and more flexibility. The OS development
model is different from the traditional software development. The usual goal of OS development model is to create
a useful and interesting system for the ones who are working on it (Godfrey and Tu 2000).
Internet-based community of programmers, i.e. the users themselves have developed, distributed and supported
many successful OS software products. There is no direct compensation for the developers as they work as
unpaid volunteers and contribute towards the project as a hobby (Hars and Ou 2002). The most intriguing
development in the OS movement is seeing the major corporations like IBM and Oracle who are turning their
attention to OS. This behaviour can only be explained by one word ‘innovation’ (Dibona et al. 1999). The new
concept of ‘Open Innovation’ is using OS development method as the most natural network of innovations (Von
Hippel 2002).
Activity 4.2: Open-source Development
Read the article on open-source development on the following link:
Open-source development – https://blogs.s-osg.org/introduction-to-open-source-development-model/ (OSD
2016)
Compare and contrast the open-source and proprietary software development and post your findings on the
Discussion Board under this activity’s thread. If you are facing any difficulties, you can reflect on it in your
Personal Blog.
End user Programming
End-user programming is another type of community-based development. The word ‘programming’ can be defined
as the transformation of a logical plan of desired actions into a representation that can be understood by the
computers (Hoc and Nguyen-Xuan 1990). It is important to understand the difference between the professional
and the end-user programmers. The professional programmers develop software as part of their jobs. The endhttps://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
4 of 33 01/08/2018, 15:28
user programmers are not paid for writing programs and are also not formally trained in programming. There might
be difference in the priorities of professional and end-user programmers but they both face the same software
engineering challenges.
The most obvious and important benefit of this approach is that the users know their problem best. This makes the
software products simpler and more reliable. The company only supports the general features of the product
whereas the details are developed by the end-user programmers. Giving users the opportunity of adding their
programs gives them freedom and responsibility. Both the users and the product developers benefit by using these
techniques to shape the products according to the users’ requirements. You are encouraged to learn more about
the end-user programming from the following resource:
End-user programming – https://www.brcommunity.com/articles.php?id=b227 (EUP 2017)
Crowdsourcing
The term ‘crowdsourcing’ was used to describe a new web-based, distributed problem-solving and production
model. The term can be defined as:
Crowdsourcing is the act of taking a job traditionally performed by a designated agent (usually an
employee) and outsourcing it to an undefined, generally large group of people in the form of an open call.
(Crowdsourcing 2017)
It can be said that crowdsourcing is a process of the following major steps:
Posting a problem online by the company.
Solutions offered by a number of individuals.
Selection and warding of winning ideas.
Crowdsourcing is different from ordinary outsourcing because the task or the problem is outsourced to general
public rather than a single body. Crowdsourcing is different from the open-source development practice.
Companies make large profits from this crowd labour because the solved problems and the designed projects
become the company’s property. Crowdsourcing is a way that brings innovation in the companies by accessing
external knowledge. You are encouraged to learn more about crowdsourcing from the following resource:
Crowdsourcing – https://dailycrowdsource.com/training/crowdsourcing/what-is-crowdsourcing (Crowdsourcing
2017a)
Living Labs
The concept of living labs is based on the idea of smart homes. The term ‘Living Labs’ can be defined as:
A planned research infrastructure that is pivotal for user-system interaction research in the next decade.
(Markopoulos and Rauterberg 2000)
Living labs are described as the platform for collaborative research that serves the development and testing of
novel technologies. The concept of living labs has two different interpretations:
Contextualised co-creation: living labs that support the co-creation and context research with the users.
Testbed associations: living labs where test bed applications are accessed in contexts that are familiar to the
users.
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
5 of 33 01/08/2018, 15:28
According to Eriksson et al. (Eriksson et al. 2005), living labs are different from the other approaches that involves
the participation of users. In other approaches the users play a significant role in the development of the end
products whereas the living labs refer to the R&D (Research and Development) methodology. This methodology
focuses on individuals to create and validate innovations in collaborative multi-contextual real-world environments.
More details about the living labs from the following resource:
Living labs – http://www.openlivinglabs.eu/node/1429 (Livinglabs 2016)
Innovation to Users via Toolkits
Product development becomes difficult due to the heterogeneous consumer needs. Users hold an important and
‘sticky’ portion of information that is required for the development of products. The sticky information can be
described as the information that is costly to acquire, transfer, and use in a new location (Von Hippel 1994).
The expenditure required to transfer a certain amount of information (that can be used by the information seeker)
defines the degree of stickiness of the information. The cost and the stickiness are directly proportional to each
other. If this cost is high, the information stickiness is high as well and vice versa. Traditionally, the companies are
engaged in costly market research because they assume the homogeneity of needs within the market segment.
This leads to the creation of different products for each segment. Even though, a major portion of the variation in
consumer needs still remain unaddressed (Von Hippel and Katz 2002).
User toolkits were proposed to end the costly need-related information exchange between the users and the
manufacturers. This approach allowed the manufacturers to handle the large and small customers in the same
way. It also provides opportunity for entrepreneurs at the same time. User toolkits allow the consumers to design
the key features of the product by themselves. In this way, the users take an active part in the product
development. The outcome might be a product or an innovation (Von Hippel 2001).
According to Von Hippel an effective toolkit should enable 5 objectives:
Users should be able to carry out complete trial-and-error learning cycles.
A well-defined solution space encompassing the specific designs should be offered.
The toolkits must be user friendly so that the users do not require any additional training to use them
competently.
There should be libraries of the commonly used modules so that the users can focus their efforts on the
unique elements.
Users should be able to work on the manufacturer production equipment and the equipment must not require
any revisions by the manufacturer-based engineers.
Collaborative programming is a growing research field that is aiming to involve the end users to participate in the
development of the next generation of Internet of Things (IoT). Creating toolkits and frameworks that provide
reusable building blocks to the users for recurring sub-tasks is a challenge. (Kramer et al. 2000).
Everybody can participate in the Internet of Things using frameworks and toolkits. Software with end-user
programmability features should have at least:
An editor along with an interpreter or compiler.
Tools for error checking and debugging.
Tools for version management and documentation.
Today, there are many end-user development (EUD) tools but this concept is relatively new in the IoT domain. The
next two sections will present hardware and software-based toolkits currently available in the market for IoT.
Hardware based Systems
In the following, we would review the main I/O (Input/Output) and HW (hardware) based toolkit systems available
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
6 of 33 01/08/2018, 15:28
in the market for IoT development.
(click on the title or + symbol to learn more)
Wiring
Wiring is an open source programming environment and electronics I/O board for exploring the
electronic arts, tangible media, teaching and learning computer programming and prototyping with electronics.
It illustrates the concept of programming with electronics and the physical realm of hardware control which are
necessary to explore physical interaction design and tangible media aspects.
(Wiring 2017)
Wiring is based on Open-source development principles. It has a small I/O board that acts as a standalone
computer and has a number of connection capabilities. The board controls sensors and actuators. Information
from the surrounding environment is acquired by the sensors and the changes in the physical world (heating
devices, lights, motors, etc.) are created by actuators. Wiring can interact with devices like GPS, barcode readers,
Mac/PC, etc. Processing (see Processing.org) language and a number of libraries are used to program this
system. More details about Wiring can be found in the following resource:
What will you do with the W? – http://wiring.org.co/ (Wiring 2017b)
Arduino
Arduino is a tool for making computers that can sense and control more of the physical world than your
desktop computer. It’s an open-source physical computing platform based on a simple microcontroller board,
and a development environment for writing software for the board. It’s intended for artists, designers,
hobbyists, and anyone interested in creating interactive objects or environments.
(Arduino 2016)
Arduino is a platform with combined software and hardware. Information from the surrounding environment is
acquired by the sensors and the changes in the physical world (heating devices, lights, motors, etc.) are created
by actuators. The Arduino programming language and the Arduino Integrated Development Environment (IDE) are
used to program the microcontroller on the hardware board. The language is based on Processing
(Processing.org) and is written in Java. There are 2 working modes in Arduino; stand-alone mode and connected
to a computer via USB cable mode.
Figure 4.1: Arduino (Sparkfun 2003)
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
7 of 33 01/08/2018, 15:28
An interested reader can find more detail from the following resource: Arduino – https://www.arduino.cc/ (Arduino
2016)
LilyPad
The LilyPad Arduino is a system for experimenting with embedded computation that allows users to
build their own soft wearables by sewing fabric-mounted microcontroller, sensor and actuator modules
together with conductive thread. The kit was designed to engage kids (and adults) in computing and
electronics and teach them fundamental skills in these areas by allowing them to creatively experiment with
e-textiles in the same way that the Mindstorms kit allows people to experiment with robotics.
(Buechley et al. 2008)
The programming in LilyPad can be done by Arduino IDE software. Several libraries are available to control
sensor and actuator devices. LilyPad is clipped to a USB device for programming. The following modules are
required if a person wants to create wearable electronic fashion items; power supply, mainboard and a USB
connection to download the software into the LilyPad board from a computer. Interested readers are referred to the
following resource for more details.
LilyPad Design Kit – https://www.sparkfun.com/products/retired/12073 (Sparkfun 2017)
MAKE Controller Kit
The MAKE controller kit was designed for enthusiasts and hobbyists. It consists of two boards; a general controller
board that is plugged into an application board.
Controller Board: The controller board ensures the availability of almost all signals to the chip.
Application Board: It has an application specific hardware along with a circuit protection.
The MAKE controller kit can be connected via Ethernet or a USB connection to the personal computer (PC). It can
serve as an interface to the PC or else it can be programmed to run stand-alone programs.
Figure 4.2: Make Controller Kit (Codingcolor 2017)
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
8 of 33 01/08/2018, 15:28
More details about Make Controller Kit can be found at: MAKE Controller Kit – https://makezine.com/2006/05
/11/make-controller-kit/ (Torrone 2006)
Phidgets
Physical widgets, or phidgets, comprise devices and software that are almost direct analogs of graphical
user interface widgets. Like widgets, phidgets abstract and package input and output devices: they hide
implementation and construction details while exposing functionality through a well-defined API (Application
Programming Interface).
(Greenberg and Fitchett 2001)
Phidgets consists of a set of building blocks. These building blocks are used to interface the physical and the
virtual world via control from the PC and low cost USB sensing. Phidgets have USB-based hardware boards for
input and output actuators. The architecture and API of phidgets is designed in such a way that the programmers
can discover, observe and control all the phidgets that are connected to the same computer. Phidgets connects
with the computers via USB connection and the computer identifies them as USB devices.
Figure 4.3: Phidget (Trossenrobotics 2017)
You are encouraged to read the following link for more details about Phidgets. Phidgets –
https://www.phidgets.com/ (Phidgets 2017)
CubeX
I-CubeX propriety system is based on the MIDI communication protocol and offers modular components
covering a large field of applications. With more than 10 years of experience in real-time sensor data
gathering, I-CubeX is renowned for its ease of use, its variety of sensors and its robustness. It is widely used
as a tool for prototyping, experimentation, research and teaching.
(I-CubeX Online Store 2017)
I-CubeX played a significant role for artists interested in sensor technology to open up access to technology.
I-CubeX comprises sensors, actuators and interfaces configured by a PC.
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
9 of 33 01/08/2018, 15:28
Figure 4.4: I-CubeX (ResearchGate 2011)
To learn more about I-CubeX, you are encouraged to read the following link: Capture Motion, Control Media –
www.infusionsystems.com/ (InfusionSystems 2017)
Software Based Systems
In the following, we would review the main SW (Software) based toolkit systems available in the market for IoT
development.
d.tools
d.tools is a system containing a hardware and software and can be described as:
A design tool that embodies an iterative-design-centered approach to prototyping physical UIs.
(Hartmann et al. 2006)
d.tools supports design thinking instead of implementation thinking. Designers are able to place sensors, output
devices and physical controllers directly into the prototypes using d.tools. The d.tools environment is implemented
in Java and comprises a device designer, associated views and a state-chart designer.
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
10 of 33 01/08/2018, 15:28
Figure 4.5: d.tools (D-Tools 2011)
The following link provides more detail about d.tools: What is System Integrator 2017? – http://d-tools.com/ (dtools, 2017)
iStuff
iStuff is a toolkit for physical devices that extends the ideas of supporting wireless devices, a loose
coupling between input and application logic, and the ability to develop physical interactions that function
across an entire ubiquitous computing environment.
(Ballagas et al. 2003)
iStuff is lightweight and platform-independent because of its interactive workspace infrastructure. iStuff operates
on top of a TCP (Transmission Control Protocol) and Java based middleware. The middleware allows the
exchange of information between multiple machines and applications.
Figure 4.6: iStuff Components Architecture (ResearchGate 2011a)
To learn more about iStuff, refer to the links below:
iStuff: A physical user interface toolkit for ubiquitous computing environments – https://www.researchgate.net
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
11 of 33 01/08/2018, 15:28
/publication/221517615_iStuff_A_physical_user_interface_toolkit_for_ubiquitous_computing_environments
(Researchgate 2003)
Lego Mindstorms
Lego Mindstorms (LEGO.com MINDSTORMS) are robotics/construction toys that can be programmed. The old
version of Mindstorms Robotics Invention System Kit was made up of 2 sensors, 2 motors and 1 light sensor but
the latest version has 3 motors and 1 sensor (each for voice, light, distance and touch).
RCX (Robotic Command eXplorer) is the programmable brick of LEGO. RCX controls the actions of models by
transforming them into robots. RCX can be programmed by two different tools.
The first tool for programming the RCX is an interface in the development environment. The interface enables
programming as a process of combining the puzzle pieces to produce a complete program.
1.
The second tool for programming the RCX is a library that controls the RCX by generating Visual Basic
programs.
2.
Figure 4.7: Lego MINDSTORMS (KiowaCountySchools 2017)
To learn more about Lego Mindstorms, you are encouraged to read following link: Mindstorms –
https://www.lego.com/en-us/mindstorms (Lego 2017)
Pachube
‘Pachube is a web service that enables storing, sharing and discovering real-time sensor, energy and environment
data from objects, devices and buildings around the world. It represents a convenient, secure and scalable
platform that helps in building the Internet of Things’ (Xively 2017).
The concept of Pachube is based on the interaction between the physical and virtual environments. Pachube can
be used for enabling multiple connections. Any participating project can be linked to another project participating in
real time for exchanging data. Pacube can also enable data to be embedded in web pages. Pachube can also be
integrated with other tools like Arduino. Pachube can be programmed by using Extended Environments Markup
Language (EEML).
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
12 of 33 01/08/2018, 15:28
Figure 4.8: Pachube sensors all over the world (Maher 2011)
If you are interested to read more about Pachube, the following link provides useful insight: Pachube –
http://www.haque.co.uk/pachube.php (Haque 2011)
Unit Summary
The unit is based on the end-user participation in the development of Internet of Things. The developer companies
are involving users to play significant roles in the product development processes. Special toolkits are designed for
the users so that they can work on different projects voluntarily. The unit explains different user participation
concepts and the techniques that allows the users to do so. Creating prototyping tools and techniques is
considered as a right approach for achieving faster growth of the Internet of Things.
Different software and hardware end-user programming tools and platforms are discussed in the unit. Phidgets
and I-CubeX are considered as low-end solutions whereas Wiring, Arduino, LilyPad and MAKE Controller Kit are
the ones that offer more freedom to the users in the solution development processes. Software prototyping tools
should provide support to the hardware platforms. There are a number of software-based solutions available to the
end users like d.tools, iStuff, Lego Mindstorms, Pachube etc. All these tools have their own characteristics and
specialties and are discussed in the unit.
End of Unit Activities
Please post your answers on the Discussion Board.
Activity 4.3: Open Source Development (Compulsory)
Fill in the blanks:
1. Involving ________ in the development process resulted in more safer, effective and efficient products.
The new concept of _______________ is using OS development method as the most natural network of
innovations.
2.
3. Giving users the opportunity of adding their programs gives them _______ and ______________.
4. Crowdsourcing is different from the _______________________ practice.
5. The concept of living labs is based on the idea of __________.
Activity 4.4: Innovation to Users via Toolkits (Compulsory)
1. Refer to the above content to write down the full forms of:
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
13 of 33 01/08/2018, 15:28
UCD, PD, OS, EUD, IDE, API.
2. What should the objectives of an effective toolkit be?
Activity 4.5: Raspberry Pi (Compulsory)
1. Write down a short note on Raspberry Pi.
2. Differentiate between Arduino and Raspberry Pi.
Refer to the link below to answer the above questions:
What are the Differences between Arduino and Raspberry Pi – https://www.elprocus.com/difference-betweenarduino-and-raspberry-pi/ (Agarwal 2017)
Reference List
Agarwal (2017) What are the differences between Arduino and Raspberry Pi. [Online] Available at:
https://www.elprocus.com/difference-between-arduino-and-raspberry-pi/ (Accessed: 29 October 2017).
Arduino (2016). [Online] Available at: http://www.arduino.cc/ (Accessed: 30 October 2017).
Ballagas, R., Ringel, M., Stone, M., and Borchers, J. (2003) iStuff: a physical user interface toolkit for ubiquitous
computing environments. CHI: ACM Conference on Human Factors in Computing Systems, CHI Letters 5.
Buechley, L. and Eisenberg, M. (2008) The LilyPad Arduino: toward wearable engineering for everyone. IEEE
Pervasive Computing, 7, pp. 12–15.
Buechley L, Eisenberg M, Catchen J, Crockett A (2008). The LilyPad Arduino: using computational textiles to
investigate engagement, aesthetics, and diversity in computer science education. Proceedings of the SIGCHI
conference on Human factors in computing systems.
Codingcolor (2017) Make Controller. [Online] Available at: http://www.codingcolor.com/2008/06/26/makecontroller/ (Accessed: 30 October 2017).
Crowdsourcing (2017) [Online]. Available at: http://crowdsourcing.typepad.com/ (Accessed: 30 October 2017).
Crowdsourcing (2017a) [Online]. Available at: https://dailycrowdsource.com/training/crowdsourcing/what-iscrowdsourcing (Accessed: 30 November 2017).
D-Tools (2011) D-Tools SI 5 – Visio Elevation Diagram, YouTube. [Online] Available at: https://www.youtube.com
/watch?v=K-PZpVMAFKU (Accessed: 30 October 2017).
d-tools (2017) What is System Integrator 2017? [Online] Available at: http://d-tools.com/ (Accessed: 30 October
2017).
Dibona, C., Ockman, S., and Stone, M. (1999) Open Sources: voices from the open source revolution. O’Reilly,
Sebastopol, California.
Eriksson, M., Niitamo, V.P., and Kulkki, S. (2005) State-of-the-art in utilizing Living Labs approach to user-centric
ICT innovation – a European approach, Centre of Distance Spanning Technology at Lulea University of
Technology, Sweden, Nokia Oy, Centre for Knowledge and Innovation Research at Helsinki School of Economics,
Finland.
EUP (2017) End-user programming. [Online] Available at: https://www.brcommunity.com/articles.php?id=b227/
(Accessed: 24 November 2017).
Godfrey, M.W. and Tu, Q. (2000) Evolution in open source software: a case study. Proceedings of the International
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
14 of 33 01/08/2018, 15:28
Conference on Software Maintenance, ICSM 2000.
Greenberg, S. and Fitchett, C. (2001) Phidgets: incorporating physical devices into the interface. Proc. UIST 2001.
Haque (2011) Pachube. [Online] Available at: http://www.haque.co.uk/pachube.php (Accessed: 30 October 2017).
Hars, A. and Ou, S. (2002) Working for free? Motivations for participating in Open-Source projects. International
Journal of Electron Commerce, 6, pp. 25–39.
Hartmann, B., Klemmer, S.R., Bernstein, M., Abdulla, L., Burr, B., Robinson-Mosher, A., and Gee, J. (2006).
Reflective physical prototyping through integrated design, test, and analysis. Proc. UIST 2006.
Hoc, J.M. and Nguyen-Xuan, A. (1990) Language semantics, mental models and analogy. In: Hoc, J.M., Green,
T.R.G., Samurcay, R., and Gilmore, D.J. (eds) Psychology of programming psychology of programming. London:
Academic Press.
InfusionSystems (2017). Capture Motion, Control Media. [Online] Available at: http://infusionsystems.com/catalog/
(Accessed: 24 November 2017).
I-CubeX Online Store (2017) Resources: About I-CubeX. [Online] Available at: http://infusionsystems.com/catalog
/info_pages.php?pages_id=117. (Accessed :30 October 2017).
ISO (1999) ISO 13407: Human centered design processes for interactive systems. [Online] Available at:
http://www.iso.org/iso/catalogue_detail.htm?csnumber=21197. (Accessed: 29 October 2017).
KiowaCountySchools (2017) 7th Grade Robotics Work. [Online] Available at: https://www.usd422.org/vnews
/display.v/ART/591f411cf21d1 (Accessed: 30 October 2017).
Kramer, J., Noronha, S., and Vergo, J. (2000) A user-centered design approach to personalization. ACM
Computing Surveys, 43, pp. 44–48.
Lego (2017) Mindstorms. [Online] Available at: https://www.lego.com/en-us/mindstorms (Accessed: 30 October
2017).
Livinglabs (2016) Living Labs. [Online] Available at: http://www.openlivinglabs.eu/node/1429 (Accessed: 24
November 2017).
Maher (2011) Pachube crowdsourcing real-world data for fun and progress. [Online] Available at:
http://gfxspeak.com/2011/04/11/pachube-crowdsourcing-real-world-data-for-fun-and-progress/ (Accessed: 30
October 2017).
Markopoulos, P. and Rauterberg, G.W.M. (2000) LivingLab: A white paper, IPO Annual Progress Report 35.
OSD (2016) Open-Source development. [Online] Available at: https://blogs.s-osg.org/introduction-to-open-sourcedevelopment-model/ (Accessed: 24 November 2017).
Phidgets (2017) Phidgets. [Online] Available at: https://www.phidgets.com/ (Accessed: 30 October 2017).
Sparkfun (2003) What is an Arduino? [Online] Available at: https://learn.sparkfun.com/tutorials/what-is-an-arduino
(Accessed: 30 October 2017).
Sparkfun (2017) LilyPad Design Kit. [Online] Available at: https://www.sparkfun.com/products/retired/12073
(Accessed: 30 October 2017).
Torrone (2006) MAKE Controller Kit. [Online] Available at: https://makezine.com/2006/05/11/make-controller-kit/
(Accessed: 30 October 2017).
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
15 of 33 01/08/2018, 15:28
Trossenrobotics (2017) Phidget SBC3. [Online] Available at: http://www.trossenrobotics.com/phidget-sbc3.aspx
(Accessed: 30 October 2017).
Researchgate (2003) iStuff: A physical user interface toolkit for ubiquitous computing environments. [Online]
Available at: https://www.researchgate.net/publication
/221517615_iStuff_A_physical_user_interface_toolkit_for_ubiquitous_computing_environments (Accessed: 30
October 2017).
ResearchGate (2011) The Toolkit Approach for End-user Participation in the Internet of Things. [Online] Available
at: https://www.researchgate.net/figure/227244683_fig3_Fig-44-Left-The-I-CubeX-Wi-microSystem-including-a-WimicroDig-analog-to-digital (Accessed: 30 October 2017).
ResearchGate (2011a) The Toolkit Approach for End-user Participation in the Internet of Things. [Online].
Available at: https://www.researchgate.net/figure/227244683_fig5_Fig-46-The-iStuff-components-architecture-11
(Accessed: 30 October 2017).
UCD (2017) IoT User-centre Design. [Online] Available at: https://www.interaction-design.org/literature/topics/usercentered-design/ (Accessed: 24 November 2017).
Von Hippel, E. (1994) Sticky information and the locus of problem solving: implications for Innovation.
Management Science, 40, pp. 429–439.
Von Hippel E (2001). Perspective: User toolits for innovation. Product Innovation Management, 18, pp. 247–257.
Von Hippel E (2002). Open source projects as user innovation networks. MIT Sloan School of Management
Working Paper 4366-02.
Von Hippel, E. and Katz, R. (2002). Shifting innovation to users via toolkits. Management Science, 48, pp.
821–833.
Wiring (2017) Exhibition Archives. [Online]. Available at: http://wiring.org.co/exhibition/ (Accessed: 30 October
2017).
Wiring (2017a) What will YOU do with the W? [Online] Available at: http://wiring.org.co/ (Accessed: 30 October
2017).
Xively (2017) Xively IOT Platform. [Online] Available at: http://www.pachube.com/ (Accessed: 30 October 2017).
Unit 5 Security and Privacy in IoT
The objective of this unit is to shed some light on the security and privacy issues that are exposed to the IoT
paradigm.
After studying this unit, you will have an understanding of:
Security challenges encountered in IoT.
Security requirements in IoT.
IoT architecture in three domains (sensing, fog, and cloud).
Security attacks in the three domains.
Directions for future work with respect to security.
The Internet of Things (IoT) will turn every object in our surroundings into a smart object and make our lives more
convenient. These smart objects will then be able to sense the environment and communicate with other smart
objects to produce physical changes in the environment. As convenient and easy as it sounds, IoT also brings new
privacy issues and security risks associated with it. Ignoring these issues will cause serious effects on our lives.
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
16 of 33 01/08/2018, 15:28
If the security of the devices is overlooked, an attacker will be able to gain control of these devices. The cyberattacks in the IoT era will have the potential of causing great damages by having a direct impact on all the physical
devices used in our daily lives. In addition to the devices present in our surroundings, an attacker will also be able
to hack into the implantable or wearable devices that can put a person’s life in danger. Not only in homes, the IoT
devices installed in business enterprises can also be hacked and used by the attacker to spy on the enterprise.
There will be a large amount of personal information sensed by the wearable devices and smart house appliances.
Smart things will be recording daily activities of people at all times. To maintain users’ privacy is very crucial as the
attacker can get all that information by eavesdropping. All this information can be amplified by the advanced facial
and human activity recognition systems. This process of using advanced systems and amplifying the users’
information will reveal a surprising amount of information which can be used to harm the people if it falls into the
wrong hands. Therefore, people’s privacy has to be preserved and new solutions should be discovered to do that.
IoT Security Challenges
When designing the defensive mechanism against the cyber-security attacks, IoT has some unique characteristics
as summarised below (AnnaMGerber 2017) and (Dabbagh and Rayes 2016):
(click on each title or + symbol to learn more)
Multiple Technologies
Multiple technologies like cloud computing, radio frequency identification (RFID), wireless sensor network, and
virtualization, etc. are combined together in IoT. Every technology has its own vulnerabilities. The chain of all these
technologies must be secured because an IoT application is always judged on the basis of its weakest point.
Multiple Verticals
There will be a number of different IoT applications. IoT applications are also called verticals and they include
smart cities, smart gadgets, industrial, eHealth, etc. Each of these verticals have different security requirements
than others.
Scalability
By 2020, 26.3 billion devices will be connected to the internet (Burger 2016). When developing efficient defensive
mechanisms, this large number makes scalability a very important issue. The centralised defensive frameworks
that were proposed previously cannot work in the field of IoT. The solution required by IoT should have the
potential to scale millions of devices cost-effectively.
Big Data
Every smart object will be connected to numerous sensors and all of these sensors will be generating huge
streams of data. With a large number of smart objects, the data generated by them will also be enormous.
Therefore, it is very important that the solutions must be able to secure this huge amount of data.
Availability
Availability refers to a system that is operational all the time and is never failing. There is a standard of availability
for a product or system that is difficult to achieve and widely held. This standard is known as ‘five 9s’ which means
availability of 99.999 per cent of the time in a year. (Dabbagh and Rayes 2016). Security plays a significant role in
terms of availability because the network administrators prefer not to take any protection against the cyber-attacks.
Network administrators have the fear that the critical systems might be taken down if the threat response
technology functions are used. In addition to that, the network administrators do not want to take risk of an outage
because of a false positive. These facts leave the control system blind to the incoming threats. To prevent the
failure of an entire system because of a failed component, the companies add redundancy to their systems.
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
17 of 33 01/08/2018, 15:28
Resource Limitations
IoT devices have limited resources in terms of storage, memory, CPU, transmission range and battery. The limited
capabilities of these devices make Denial of Service (DoS) attacks easier where the devices are overwhelmed by
the attacker causing a service disruption. When developing new security protocols, new challenges are raised
because of the limited resources of the IoT devices.
Remote Locations
In a lot of different IoT applications, the devices like sensors are installed in locations that are unnamed and
difficult to reach. The attackers can reach these devices without being seen and interfere with them. Therefore,
physical security monitoring systems must be installed in these type of locations. These security systems must be
able to work in extreme environmental conditions. In addition to that, they must fit in small spaces. The expensive
visits of network technicians can also be minimised if the security systems work remotely for maintenance and to
install any updates.
Mobility
The smart objects in IoT are required to change their locations physically by different sorts of movement. Hence,
these dynamic environments add extra difficulties in the development of efficient defensive mechanisms.
Delay-Sensitive Service
Many IoT applications are delay-sensitive. The different IoT components in these applications must be protected
from any attacks. If the components are not protected from outside attacks, the service time of the applications
might be degraded – that can even cause service disruption.
To learn more about the security challenges in IoT, refer to the links below:
Security challenges of the internet of things – http://ieeexplore.ieee.org/document/7522219/ (IEEE 2016)
IoT Security – Challenges and Solutions – http://electronicsforu.com/technology-trends/iot-security-challengessolutions (Vidyashankar 2017)
A roadmap for security challenges in the Internet of Things – http://www.sciencedirect.com/science/article
/pii/S2352864817300214 (ScienceDirect 2017)
Activity 5.1: IoT Security Challenges
How Scalability, Availability and Mobility are a challenge to IoT? Post your findings on the Discussion Board of
Unit 5. If you are facing any difficulties, you can reflect on it in your Personal Blog.
IoT Security Requirements
Following are a few security requirements for IoT (Dabbagh and Rayes 2016):
Confidentiality: refers to the surety that the exchanged messages should only be understood by the intended
entities.
Integrity: refers to the surety that no third party can alter or tamper the exchanged messages.
Authentication: refers to the fact that there are no impersonation or masquerade attack and the involved
entities are who they claim to be.
Availability: ensures that there is no denial of service and the services are not interrupted by an external
entity.
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
18 of 33 01/08/2018, 15:28
Authorization: ensures that all the performed operations are controlled and permitted by the designated
entities.
Freshness: Replay attacks can put the entity into an old state. This requirement ensures that the data is fresh
and new.
Non-repudiation: ensures that there is no denying of action performed by an entity.
Forward secrecy: refers to the surety that the objects do not understand any communications after they are
disconnected from the network.
Backward secrecy: refers to the surety that the objects do not understand any communications that
happened before they were connected to the network.
For further reading, refer to the link below:
A roadmap for security challenges in the Internet of Things: https://www.sciencedirect.com/science/article
/pii/S2352864817300214 (ScienceDirect 2017)
Activity 5.2: Security Requirements (Optional)
Read more about the security requirements in IoT using the following resources:
Security Requirements Analysis for the IoT – http://ieeexplore.ieee.org/document/7883727/ (IEEE 2017)
The Internet of Things: 3 Security Requirements – https://www.esecurityplanet.com/network-security/theinternet-of-things-3-security-requirements.html (Stanganelli 2014)
Post your findings on the Discussion Board of Unit 5. If you are facing any difficulties, you can reflect on it in
your Personal Blog.
IoT Three Domain Architecture
Before discussing the security issues, below is an overview of the three-domain architecture that is considered in
the security analysis.
The three-domain architecture is made up of sensing, fog and cloud domains.
IoT Sensing Domain
The sensing domains consist of all the smart objects that are capable of sensing the environment. These smart
objects then transfer the gathered data to the fog domain. The smart objects change their location over time.
IoT Fog Domain
The fog domain consists of fog devices. The fog devices are allocated a set of smart objects from where they
gather data and perform different operations on the data. The data is aggregated, stored and pre-processed in the
fog devices. Fog devices are also connected to one another in order to coordinate among themselves and to
maintain communication between the smart objects. The smart objects change their location over time and the fog
devices manage their allocation and handling depending on their newest location. Every fog device is also
connected to one or more servers that exist in the cloud domain.
Cloud Domain
Large servers that host the IoT applications are located in the cloud domain. There may be one or more servers in
this domain. Heavy-computational processing operations are performed on the data that is gathered from the fog
devices and the servers in the cloud domain are responsible for these operations.
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
19 of 33 01/08/2018, 15:28
Cloud Domain Attacks
IoT applications are held by the cloud domain where different operations are performed on the data collected by
the smart objects. One or more virtual machines (VMs) are assigned to each IoT application. Each of these VMs is
assigned to a server in the cloud data center. To perform computational tasks, CPU and memory resources are
allocated to these VMs via cloud servers. Each cloud server can accommodate a limited number of VMs. All VMs
have their own operating system to host an IoT application.
Many businesses and consumers feel that the perimeter of cloud computing cannot be defined or controlled – that
makes it a high-risk environment. There are numerous security attacks that make IoT applications susceptible.
Some of these attacks are discussed below:
(click on each title or + symbol to learn more)
Hidden-Channel Attacks
Virtual machines (VMs) running on a server are separated from each other logically but they still share some
hardware components like a cache. This can cause data leakage between the virtual machines that run on the
same server.
VM Migration Attacks
Live VM migration allows the VMs to move transparently from one server to another and is supported by the
visualisation technology. The term ‘live’ in ‘live VM migration’ means that the applications running on the VM may
face a very short duration (lower than hundreds of milliseconds) of disruption due to this migration.
The attacks by which VM migration can be exploited are divided into two subcategories.
Control Plane Attacks
The module that handles the migration process on a server is called the migration module. The attackers target
this module by exploiting a bug in the migration module software. The hackers take the full control of the migration
module by hacking into it. This allows the hackers to launch malicious activities like migration flooding or false
resource advertising.
Data Plane Attacks
The second type of the VM migration attacks are the data plane attacks. During migration, the VMs are moved via
network links that are the target of these attacks. The attackers target the network link when through which the
process of migration takes place. Data plane attacks include sniffing attacks and man-in-the-middle attacks.
Theft-of-Service Attack
Virtual machines (VMs) have a dedicated share of resources. The theft-of-service attacks cause a malicious VM to
misbehave in a way that it demands more resources than it is supposed to have. In this way, the malicious VM
gets more resources that causes an uneven distribution of the total resources of the server. This degrades the
performance of other VMs as they get less share of the resources.
VM Escape Attack
Virtual machines (VMs) running on the same server are isolated from each other. The isolation prevents them from
accessing each other’s data. This isolation can be broken down by exploiting software bugs. In this way, a hacker
can get full control of the server with the help of malicious VM.
Insider Attacks
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
20 of 33 01/08/2018, 15:28
In all the attacks described above, the administrators were considered as the trusted entities of the cloud data
centre and all the attacks originated from malicious VMs. Some applications are very sensitive about their
collected information and have serious concerns about the hosting of data. In this case, the administrators have
the ability to access and modify the data which can lead to the insider attacks.
Fog Domain Attacks
Fog domain consists of fog devices that collect data from the smart objects. Some operations like data
aggregation, data storage, and data preprocessing are performed on the collected data which is then transferred
to the servers in the cloud domain. There are a lot of similarities between the cloud domain and the fog domain but
there are three characteristics that distinguish them from each other.
Location: Cloud servers are located far away from the smart objects whereas the fog servers are located in
the accessible locations and very near to the smart objects. This allows the fog devices to respond to the
changes very quickly. In addition to that, each fog device knows the location of the smart objects connected to
it.
Mobility: Smart objects change their location over time that causes them to change their connected fog
device. Smart objects are connected to the fog devices that are closest to them. A smart object switches the
fog device with another fog device when it moves and gets closer to the other fog device. Due to this
changing of the device, the virtual machines that are processing a particular smart object must also be
handled by the new fog device in order to keep the processing running.
Lower Computing Capacity: There are thousands of servers in the cloud data centres that require a much
larger computing capacity whereas the fog devices require a very low computational capacity.
These characteristics give rise to some new security threats that are specific to the fog domain. Some of the
threats of fog domain are discussed below.
Authentication and Trust Issues
Fog devices are owned by multiple and less-known entities. When assigning a fog device to a smart object, the
identity of the owner of the fog device needs to be authenticated. In addition to that, the smart object should also
decide if the owner of the fog device should be trusted or not. Trust is a very important aspect because a smart
object is assigned to different fog devices over time and each of these fog devices may belong to a different entity.
Higher Migration Security Risks
The process of VM migration occurs in both the cloud domain and the fog domain. The internal network of the
cloud data centre or a secure virtual private network (VPN) carries out the migration in the cloud domain. In the fog
domain, the migration of VM from one fog device to another is carried out over the internet. The migration can
occur through compromised routers or links which pose a threat to the system.
Higher Vulnerability to DoS Attacks
Low computing capacity of fog devices invites denial-of-service attacks where the attackers overwhelm the fog
devices to affect their performance.
Additional Security Threats due to Container Usage
There are a large number of smart objects connected to the fog devices. To fulfil the computing needs of all these
smart objects, containers are used instead of VMs. These containers allocate resources to the devices according
to their demands. Containers allow the fog devices to serve a larger number of objects as compared to the VMs.
Multiple containers share the same operating system which makes them a security threat especially when the
objects belong to different users.
Privacy Issues
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
21 of 33 01/08/2018, 15:28
Smart objects are connected to their closest fog device that makes the location of the smart object known to the
fog device. In this way, the users can be tracked and their commuting habits can also be known which interferes
the privacy of the users that are carrying the smart objects.
Sensing Domain Attacks
Sensing domain contains all the smart objects that are capable of sensing information and perceive the world in
order to generate data from the environment. In addition, to sense the environment the smart objects also
communicate with the outer world. The generated data is then transferred to the fog devices via wired or wireless
mediums. The sensing domain also faces different types of attacks that are discussed below.
Jamming Attack
The jamming attack can disrupt services and has the following two forms:
1. Jamming the Receiver.
2. Jamming the Sender.
Vampire Attack
Most of the IoT objects have limited battery lifetime. In a vampire attack, the malicious users misbehave and make
the devices consume more power than they actually use. As a result, the devices run out of battery and disrupts
the service.
Selective-Forwarding Attack
In some cases, the data packets are not sent directly to the fog device but rely on other devices that come in the
way. A malicious object in the selective-forwarding attack does not forward a complete packet that it receives from
the other smart objects. The black-hole attack is a special case where a complete set of data packets are dropped,
and nothing is forwarded to the fog device.
Sinkhole Attack
A malicious object can pretend that it has the shortest route to the fog device. The other smart objects that do not
have a direct connection with the fog device are attracted by that malicious object. The objects then start sending
their data to the malicious object and also count on it to deliver the data to the fog device. The malicious object
can look at the content of the data if it is not encrypted. In addition to that, the malicious object can also drop some
or all the packets of data like the selective-forwarding attacks.
To learn more about the security attacks on IoT, please refer to the links below:
Five nightmarish attacks that show the risks of IoT security – http://www.zdnet.com/article/5-nightmarish-attacksthat-show-the-risks-of-iot-security/ (Wallen 2017)
The Internet of Things Will Be Even More Vulnerable to Cyber Attacks – https://www.chathamhouse.org/expert
/comment/internet-things-will-be-even-more-vulnerable-cyber-attacks (Bryce 2017)
Activity 5.3: Domain Attacks (Optional)
How Cloud Domain attacks are different from Fog Domain Attacks? Post your findings on the Discussion
Board under this activity’s thread. If you are facing any difficulties, you can reflect on it in your Personal Blog.
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
22 of 33 01/08/2018, 15:28
Unit Summary
This unit enlightens the security and privacy issues in IoT. The connectivity of different physical objects in our
surroundings affects our daily lives. Hence, all these objects should be protected from any attacks. The associated
security and privacy issues cannot be ignored and should be taken into account by the developing team. The unit
describes the challenges and requirements of security in IoT. In addition to that, there is a three-domain
architecture required for security analysis in cloud, sensing and fog domains. Each domain can be a victim of the
different type of attacks that are also discussed in the unit.
End of Unit Activities
Please post your answers on the Discussion Board.
Activity 5.4: IoT Security (Compulsory)
Fill in the blanks:
1. Smart things will be recording _______________ of people at all times.
2. IoT applications are also called _________.
____________ ensures that there is no denial of service and the services are not interrupted by any external
entity.
3.
4. Authentication refers to the fact that there is no _____________ or __________ attack.
5. The two types of VM migration attacks are ___________________ and ________________.
Activity 5.5: IoT Attacks (Compulsory)
1. What are the three characteristics that differentiate the cloud and fog domains?
2. What is meant by live VM migration?
3. Briefly, explain the vampire attack and state the domain in which this attack can occur?
Activity 5.6: IoT Countermeasures and Attacks (Compulsory)
1. Explain the two forms of jamming attacks.
2. Discuss in detail the countermeasures of all the attacks stated in this unit.
Read the following article, which you will find a link to in the Reading List, and answer the two questions above.
Dabbagh, M., Rayes, A. (2017) Internet of Things Security and Privacy. In: Internet of Things From Hype to
Reality. Springer, Cham
Reference List
AnnaMGerber (2017) Top 10 IoT security challenges. [Online] Available at: https://developer.ibm.com/dwblog
/2017/iot-security-challenges/?utm_content=buffer5d568&utm_medium=social&utm_source=plus.google.com&
utm_campaign=buffer (Accessed: 15 November 2017).
Bryce (2017) The Internet of Things will be even more vulnerable to cyber attacks. [Online] Available at:
https://www.chathamhouse.org/expert/comment/internet-things-will-be-even-more-vulnerable-cyber-attacks
(Accessed: 15 November 2017).
Burger (2016) Cisco Forecast: 3.4 devices connected to the internet per person by 2020. [Online] Available at:
http://www.telecompetitor.com/3-4-device-connections-per-person-worldwide-2020-cisco-highlights-11th-visualnetworking-index/ (Accessed: 15 November 2017).
Dabbagh and Rayes (2016) Internet of Things security and privacy. [Online] Available at: https://link.springer.com
/chapter/10.1007/978-3-319-44860-2_8 (Accessed: 15 November 2017).
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
23 of 33 01/08/2018, 15:28
IEEE (2016) Security challenges of the internet of things. [Online] Available at: http://ieeexplore.ieee.org/document
/7522219/ (Accessed: 15 November 2017).
IEEE (2017) Security requirements analysis for the IoT. [Online] Available at: http://ieeexplore.ieee.org/document
/7883727/ (Accessed: 15 November 2017).
ScienceDirect (2017) A roadmap for security challenges in the Internet of Things. [Online] Available at:
https://www.sciencedirect.com/science/article/pii/S2352864817300214 (Accessed: 15 November 2017).
Stanganelli (2014) The Internet of Things: 3 security requirements. [Online] Available at:
https://www.esecurityplanet.com/network-security/the-internet-of-things-3-security-requirements.html (Accessed:
15 November 2017).
Vidyashankar (2017) IoT Security – challenges and solutions. [Online]. Available at: http://electronicsforu.com
/technology-trends/iot-security-challenges-solutions (Accessed: 15 November 2017).
Wallen (2017) Five nightmarish attacks that show the risks of IoT security. [Online] Available at:
http://www.zdnet.com/article/5-nightmarish-attacks-that-show-the-risks-of-iot-security/ (Accessed: 15 November
2017).
Unit 6 Introduction to Raspberry Pi
Raspberry Pi is a small-sized computer that was originally designed for education. It was adopted very quickly
because of its small size and affordable price. Raspberry Pi is mostly used by the makers, tinkerers and electronic
enthusiasts for projects that require something more than the microcontrollers. (OpenSource 2017). The main
purpose of Raspberry Pi is to build networks. The networking capabilities of Raspberry Pi range from small
networks towards the building of smart home systems. The distributed networking of Raspberry Pi leads to its use
in making IoT environments.
After studying this unit, you will have an understanding of:
What is the Raspberry Pi?
What can you do with Raspberry Pi?
Setting up Raspberry Pi.
Booting Up Raspberry Pi.
The operating system of Raspberry Pi (Linux).
The unit should take approximatel 20 hours over one week to study.
The Raspberry Pi is becoming a universal phenomenon. The device is a $35 (U.S.) computer that is being used in
all sorts of things ranging from a desktop computer to a controller in home automation systems. Raspberry Pi
(shown in Figure 6.1) is a computer that has Linux as its operating system. There are USB sockets for plugging in
devices like keyboard and mouse. In addition to that, there is HDMI (High-Definition Multimedia Interface) that
connects the Raspberry Pi to a screen (Monitor or TV).
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
24 of 33 01/08/2018, 15:28
Figure 6.1: Raspberry Pi (MODMYPI 2017)
After booting up, the Raspberry Pi shows Linux desktop on the screen as shown in Figure 6.2. Raspberry Pi is a
proper computer itself with a complete office suite package, games and video playing capabilities. Raspberry Pi is
around the size of a credit card and very affordable. The price range starts from as low as $25 (U.S.). The reason
that it is very cheap is that some of the components are not included with the board and has to be bought as
extras. For instance, the power supply and the protecting case has to be bought separately.
Figure 6.2: Raspberry Pi Desktop (CircuitBasics 2017)
Things to do with Raspberry Pi
Things you do on any other Linux desktop computer can also be done on a Raspberry Pi but with certain
limitations. Instead of a hard disk, the Raspberry Pi uses an SD card but a USB hard disk can also be plugged in if
needed. Raspberry Pi can be used for some basic stuff that includes:
editing the documents;
playing games;
browsing the Internet.
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
25 of 33 01/08/2018, 15:28
The low price of Raspberry Pi also makes it a prime candidate to be used as a media centre. Videos can also be
played and it can be charged via a USB port.
A Tour of Raspberry Pi
Figure 6.3 shows the various parts of a Model B Raspberry Pi.
Figure 6.3: The anatomy of Raspberry Pi (Apprize 2013)
(click on each title or + symbol to learn more)
Model B Raspberry Pi
Model B and Model A of Raspberry Pi are different in a way that Model B has an RJ-45 LAN connector that
provides connectivity to the network. Raspberry does not have a built-in Wi-Fi. It needs to be plugged into a USB
wireless adapter for wireless connectivity. Some additional drivers might be required for this purpose.
USB Sockets
There are a limited number of USB sockets to plug in the devices like keyboard, mouse, external hard disk, etc. a
USB hub can be used if more USB sockets are required. An audio socket providing a stereo analogue signal for
powered speakers or headphones is also available. The HDMI connector in the Raspberry Pi also provides the
voice capability.
RCA (Radio Corporation of America) video connector
There is an RCA video connector that is used to connect the Raspberry Pi to an older TV. HDMI is used more
instead of RCA video connector because of high quality, sound capability and ability to connect to the DVI (Digital
Visual Interface) equipped monitors.
GPIO (General Purpose Input/Output) Pins
Two rows of pins called GPIO pins are used to connect custom electronics to the Raspberry Pi.
SD Card
Underneath the board of Raspberry Pi, there is an SD card (at least 2GB in size) slot. The operating system of the
computer is contained in the SD card along with a file system to store other documents created by the user. There
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
26 of 33 01/08/2018, 15:28
is no built-in disk in the Raspberry Pi, hence everything is stored on the SD card. The SD card can be plugged into
any other Raspberry Pi and all the stored files will be there.
Micro-USB Power Only
There is an additional micro-USB socket available for power supply.
Other components
All the actions occur in the big square chip located at the centre of the Raspberry Pi. This is Broadcom’s ‘System
on a Chip’. It includes the graphics, 256MB of RAM and some preprocessors to drive the Raspberry Pi. There are
flat cable connectors between the HDMI and Ethernet connectors and also next to the SD card. These flat cable
connectors are available for camera and LCD display.
Activity 6.1: Raspberry Pi Tour (Compulsory)
Briefly describe the components of Raspberry Pi on the Discussion Board under this activity’s thread. If you
are facing any difficulties, you can reflect on it in your Personal Blog.
Setting Up Raspberry Pi
To set up the Raspberry Pi, a few things will be needed that will be connected together with the Raspberry Pi. All
those things are described below.
(click on each title or + symbol to learn more)
Power Supply
Figure 6.4 shows a typical USB power supply. The power supply should be supplying power in the range from
700mA to 1A. In terms of Watts, it should lie in the range from 3W to 5W.
Figure 6.4: USB Power Supply (AliExpress 2017)
Keyboard and Mouse
Any USB keyboard and mouse can be attached to a Raspberry Pi. Wireless USB keyboard and mouse are also
good depending on the application for which you want to use the Raspberry Pi.
Display
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
27 of 33 01/08/2018, 15:28
A perfectly adequate display for the Raspberry Pi would be a low-cost 22-inch LCD TV. A computer monitor with a
VGA (Video Graphics Array) connector would need an expensive converter box. A monitor having a DVI (Digital
Visual Interface) connector would also do well with an inexpensive adapter.
SD Card
Using a personal SD card would need to be prepared with an operating system disk image. Hence, it would be
good to buy an SD card that is already prepared and ready to go.
Case
The Raspberry Pi does not come with a protective case for the enclosure. This helps to keep the price low, but it
makes the device vulnerable to breakage. It will be a good idea if a protection case is made or bought.
Wi-Fi
Raspberry Pi has no support for Wi-Fi. There are two options to connect the Raspberry Pi to the network. The first
option is to use a USB wireless adapter that can be plugged into the USB socket of the Raspberry Pi. The second
option is to use a Wi-Fi bridge with Raspberry Pi Model B.
USB Hub
There are only two USB sockets in the Raspberry Pi. To use more sockets, a USB hub (supporting USB 2) can be
used so that more devices can be connected if required. A powered USB hub will be a good choice as it will not
draw any power from the Raspberry Pi.
Connecting Everything Together
After collecting all the needed parts, everything can be plugged into the Raspberry Pi altogether. The following
Figure 6.5 shows how everything can be connected.
Figure 6.5: A Raspberry Pi System (Monk 2017)
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
28 of 33 01/08/2018, 15:28
Booting Up Raspberry Pi
Booting up the Raspberry Pi for the first time will not display the graphical environment the users see on a
Windows computer. A first-time configuration will be required as shown in Figure 6.6.
If the SD card is larger than 2GB, the Raspberry Pi will only use the first 2GB of its memory unless the option
expand_rootfs is selected. This option can be selected by using the UP and DOWN arrow keys and then press
ENTER.
Another change in the configuration is the boot_behavior option. This option will boot the Raspberry Pi straight to
the desktop otherwise the user will be forced to log in and start the Raspberry Pi manually each time the
Raspberry Pi is powered up.
Figure 6.6: Configuration Screen (RaspberryPiOrg 2012)
Activity 6.2: Connecting Raspberry Pi
Describe in your own words about how the components of Raspberry Pi can be connected together on the
Discussion Board under this activity’s thread. If you are facing any difficulties, you can reflect on it in your
Personal Blog.
Raspberry Pi Operating System
The Raspberry Pi uses Linux which is an open source operating system. Linux is a fully featured operating system
based on UNIX concepts. It has matured into a powerful and easy to use the operating system. There are various
Linux distributions (or distros). The distribution or distro that is recommended for Raspberry Pi foundation is
named as Raspbian Wheezy.
Users that are accustomed to using Microsoft Windows will experience some frustration in using a new operating
system because things work in a different way for Linux. The Linux system is open and completely under the
users’ control and anything about it can be changed. The users should be very careful in making any personalised
changes to Linux as they may end up breaking the operating system if falsely handled.
Raspberry Pi The Desktop
As shown in Figure 6.7, there are some icons that launch applications. Clicking the leftmost icon at the bottom of
the screen will show some applications and tools installed in Raspberry Pi. File Manager can be found under the
Accessories. The File Manager allows the user to explore, copy, move and launch executable files or applications.
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
29 of 33 01/08/2018, 15:28
Figure 6.7: Raspberry Pi Desktop (CircuitBasics, 2017)
Raspberry Pi The Internet
A user can normally plug in any internet device with a home hub via an Ethernet cable to get the Raspberry Pi
online. The home hub automatically assigns an IP address to the Raspberry Pi and connects it to the network.
Under the internet section of the start menu, there is a web browser called Midori. The connectivity of Raspberry
Pi can be checked by starting Midori and opening any website as shown in Figure 6.8.
Figure 6.8: Midori Web Browser (BeginLinux 2017)
The Command Line
Windows or Mac users never use a command line but the Linux users do. It is also possible to use the Linux
system via the graphical interface. Generally, a user needs a command line to type the commands for installing
new applications or configuring Raspberry Pi. LXTerminal icon opens the command window as shown in Figure
6.9.
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
30 of 33 01/08/2018, 15:28
Figure 6.9: The LXTerminal Command Line (Xively 2017)
Navigating with the Terminal
There are three main commands that will be used more often. Anything that will be typed in the command line will
be prefixed with a $ sign.
The first command is ‘pwd’ (short for print working directory) that shows the current directory.
The second command that is commonly used is ‘ls’ (short for list) that shows the list of files or directories
present in the working directory.
The third command is ‘cd’ (short for change directory) that changes the working directory.
Sudo:
A special command that will also be commonly used is ‘sudo’ (short for super-user do) any command written after
the keyword sudo will run as if the user is a superuser. A user is not a super user even if he is the sole user of the
computer. This is because of the fact that a regular user account (username: pi, password: raspberry) is restricted
from some parts of the operating system. This adds some protection against accidents. Such restricted commands
have to be used with prefix sudo.
Raspberry Pi Applications
Loads of applications can be installed in Raspberry Pi by using the command line. To install and uninstall
applications ‘apt-get’ command is used. Installing and uninstalling requires super-user privileges, hence apt-get
command will be used with prefix sudo.
The first apt-get command is always ‘sudo apt-get update’. This command updates all the packages in the
database using the internet.
If a particular package is needed to be installed, the user should know the package manager name for it. For
instance, the command ‘sudo apt-get install AbiWord’ will install the Abiword word processor application.
Unit Summary
The unit is based on an introduction to Raspberry Pi. This device is special and has created a lot of interest.
Raspberry Pi is rapidly becoming a worldwide phenomenon and is being used in IoT. The unit discussed what
Raspberry Pi actually is and what it can do. Furthermore, a tour of Raspberry Pi is included in the unit that
explains all the components of the device. The things that are needed for using the Raspberry Pi, how they can be
connected together and how the Raspberry Pi can boot up are also discussed in the unit. In addition to that, the
operating system (Linux) used by Raspberry Pi along with some of its features are also included in this unit. After
getting a basic introduction to this small computer, the users can go on to build their own applications.
End of Unit Activities
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
31 of 33 01/08/2018, 15:28
Please post your answers on the Discussion Board.
Activity 6.3: Introduction to Raspberry Pi (Compulsory)
Fill in the blanks:
1. Raspberry Pi is a computer that has _____ as its operating system.
2. Raspberry does not have a built-in _____
3. The flat cable connectors are available for ______ and __________.
4. ___________ icon opens the command window.
5. Raspberry Pi has a web browser called ______.
Activity 6.4: Components of Raspberry Pi (Compulsory)
1. List down the components of Raspberry Pi.
2. What are the three main commands of Linux?
3. What steps should be taken to connect Raspberry Pi to the Internet?
Activity 6.5: Raspberry Pi v/s Arduino (Compulsory)
Use the following link to list down the similarities and differences between Raspberry Pi and Arduino.
Arduino vs. Raspberry Pi: Mortal enemies, or best friends? – https://www.digitaltrends.com/computing/arduino-vsraspberry-pi/ (Parrish 2017)
Post your findings on the Discussion Board under this activity’s thread. If you are facing any difficulties, you can
reflect on it in your Personal Blog.
Reference List
Apprize (2013) Programming the Raspberry Pi: getting started with Python. (2013). [Online] Available at:
http://apprize.info/programming/raspberry/2.html (Accessed: 10 November 2017).
AliExpress (2017) Raspberry Pi 3 Power Charger 5V2.5A Micro USB Power Adapter with ON/OFF Switch Button
Cable US/EU/UK For Raspberry Pi 2. [Online] Available at: https://www.aliexpress.com/item/Hot-Raspberry-Pi-3-
Power-Charger-5V2-5A-Micro-USB-Power-Adapter-With-ON-OFF-Switch/32637864004.html (Accessed: 10
November 2017).
BeginLinux (2017) Midori web browser. [Online] Available at: https://beginlinux.com/appsm/midori/midori-webbrowser (Accessed: 10 November 2017).
CircuitBasics (2017) How to access the Raspberry Pi desktop with a remote desktop connection. [Online]
Available at: http://www.circuitbasics.com/access-raspberry-pi-desktop-remote-connection/ (Accessed: 10
November 2017).
MODMYPI (2017) Raspberry Pi 3 – Model B. [Online] Available at: https://www.modmypi.com/pis-and-peripherals-
1139/raspberry-pi-3-model-b (Accessed: 10 November 2017).
Monk, Simon (2013) Programming the Raspberry Pi: getting started with Python. New York: McGraw-Hill.
Monk (2017) Raspberry Pi cookbook. [Online] Available at: https://www.safaribooksonline.com/library
/view/raspberry-pi-cookbook/9781491939093/ch01.html (Accessed: 10 November 2017).
OpenSource (2017) What is a Raspberry Pi? [Online] Available at: https://opensource.com/resources/raspberry-pi
(Accessed: 10 November 2017).
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
32 of 33 01/08/2018, 15:28
Parrish (2017) Arduino vs. Raspberry Pi: mortal enemies, or best friends? [Online] Available at:
https://www.digitaltrends.com/computing/arduino-vs-raspberry-pi/ (Accessed: 10 November 2017).
RaspberryPiOrg (2012) STICKY: getting started with Raspberry Pi. [Online] Available at:
https://www.raspberrypi.org/forums/viewtopic.php?f=91&t=4751&sid=897164203737bf2083457b68e8e8a119
(Accessed: 10 November 2017).
Wenner (2016) Raspberry Pi 3: newbie introduction, YouTube. [Online] Available at: https://www.youtube.com
/watch?v=U7bZWWlqrCo (Accessed: 10 November 2017).
Xively (2017) Raspberry Pi. [Online] Available at: https://developer.xively.com/v1.0/docs/raspberry-pi (Accessed:
10 November 2017).
https://courseresources.derby.ac.uk/bbcswebdav/institution/UDOL/6CC…
33 of 33 01/08/2018, 15:28
The post User participation models like User-cantered Design, Open Source Development
