Review
Internet of Things security: A survey
Introduction
The Internet of Things (IoT) provides an integration of various sensors and objects that can communicate directly with one another without human intervention. The “things” in the IoT include physical devices, such as sensor devices, which monitor and gather all types of data on machines and human social life (Yan et al., 2014). The arrival of the IoT has led to the constant universal connection of people, objects, sensors, and services. The main objective of the IoT is to provide a network infrastructure with interoperable communication protocols and software to allow the connection and incorporation of physical/virtual sensors, personal computers (PCs), smart devices, automobiles, and items such as fridges, dishwashers, microwave ovens, food, and medicines, anytime and on any network (Aazam et al., 2016). The development of smartphone technology allows countless objects to be a part of the IoT through different smartphone sensors. However, the requirements for the large-scale deployment of the IoT are rapidly increasing, which raises major security concerns (Gu et al., 2012).
Security issues, such as privacy, authorization, verification, access control, system configuration, information storage, and management, are the main challenges in an IoT environment (Jing et al., 2014). For instance, IoT applications, such as smartphones and embedded devices, help provide a digital environment for global connectivity that simplifies lives by being sensitive, adaptive, and responsive to human needs. However, security is not guaranteed. The privacy of users may be compromised and user information may be leaked when a user's signal is interrupted or intercepted. For the IoT to be adopted extensively, this issue should be addressed to give users confidence in the privacy and control of their personal information (Li et al., 2016, Li et al., 2016). The development of IoT greatly depends on addressing security concerns (Sicari et al., 2015).
This study focuses on security threats and vulnerabilities in the context of the IoT and the state-of-the-art IoT security. We survey a wide range of existing works in the area of IoT security that use different techniques. We present an IoT security taxonomy based on the current security threats in the contexts of application, architecture, and communication. Possible security threats and vulnerabilities of the IoT are also compared. We propose a new security scenario for the IoT structure and provide an analysis of the possible threats and attacks to the IoT environment.
This study aims to serve as a useful manual of existing security threats and vulnerabilities of the IoT heterogeneous environment and proposes possible solutions for improving the IoT security architecture. State-of-the-art IoT security threats and vulnerabilities in terms of application deployments, such as smart environment, intelligent transportation, smart grid, and healthcare system, have been studied. The IoT security, particularly the IoT architecture, such as authentication and authorization, has also been investigated.
The most relevant work is a secure IoT architecture for smart cities that uses the black SDN proposed by Chakrabarty and Engels (2016). However, the proposed architecture does not support a full SDN implementation due to the constrained nature of the IoT nodes, which makes IoT nodes vulnerable and causes new types of threats and attacks, including node capturing, eavesdropping, and tampering. The architecture also decreases the network efficiency and leads to complicated routing. The current study proposes a possible solution to the security problem based on the weaknesses and limitations of the existing approaches in a comprehensive way. Other related works include the end-to-end (E2E) secure key-managing protocol for e-health applications by Abdmeziem and Tandjaoui (2015). The security protocol is limited to offloading heavy cryptographic primitives to third parties and does not specify the necessary trade-off between the communication overhead and the number of third parties. Flauzac et al. (2015) proposed a novel SDN-based security architecture for the IoT using border controllers. However, the use of border controllers has many drawbacks, such as securing both wanted and unwanted traffic and enterprise protection. These challenges were not addressed by the authors. Hernández-Ramos et al. (2015) focused on a lightweight authentication and authorization framework for constrained smart objects. Nevertheless, the proposed framework was not integrated into the constrained IoT environments for authentication, authorization, and defining some alternative methods to evaluate its suitability.
The remainder of this paper is organized as follows. Section 2 presents an overview of the IoT and the difference between IoT security and conventional wireless network security. Section 3 provides the IoT classification. Section 4 discusses the threats and vulnerabilities of the IoT. Section 5 describes the IoT security taxonomy. Section 6 provides an IoT security scenario. Section 7 presents the discussions on possible attacks posed by the threats and vulnerabilities on the IoT. Section 8 offers future directions. Finally, Section 9 concludes the study.
Section snippets
Overview of IoT
The IoT has drawn attention recently because of the expansion of appliances connected to the Internet (Whitmore et al., 2014, Atzori et al., 2010). IoT simply means the interconnection of vast heterogeneous network frameworks and systems in different patterns of communication, such as human-to-human, human-to-thing, or thing-to-thing (Horrow and Anjali, 2012, Al-Fuqaha et al., 2015). Moreover, the IoT is a realm where physical items are consistently integrated to form an information network
Classification of IoT
The IoT can be classified into three layers (Zhao and Ge, 2013), namely, application, perception, and network protocol, as shown in Fig. 3.
Threats and vulnerabilities of the IoT
In this section, related works that focus on the threats and vulnerabilities of the IoT are discussed to explore the various types of existing security solutions for the IoT. The related works specifically focused on security solutions for the threats and vulnerabilities of the IoT architecture and their applications.
Several specific solutions for the IoT architecture and applications have been proposed in the literature (Granjal et al., 2015, Guo et al., 2017). A secure IoT architecture for
Taxonomy of the IoT security
The existing IoT security approaches discussed in Section 3 indicate the need to design a new security taxonomy that is simple and more specific to categorizing classes of security threats and vulnerabilities in each IoT application domain. We therefore specify the functionalities and performances of each domain on different threats and vulnerabilities and explain how security countermeasures may improve the security services in any IoT application domain.
The security information profile of the
IoT security scenario
After comprehensive research and a survey of the security threats and vulnerabilities of the IoT, as discussed in the previous sections, we know that security and privacy issues must be addressed for the IoT to be fully deployed in different domains at a large scale. The IoT environment involves different technologies and communication standards; no unified standard policy regarding security and privacy requirements currently exists (Chen et al., 2011a, Chen et al., 2011b). A well-defined
Discussion on possible attacks posed by threats and vulnerabilities of the IoT
The IoT is a concept that evolves every day. Several technologies, which include WSNs, RFIDs, and cloud facilities, are utilized by the IoT devices. The M2M function is the main building block of the IoT paradigm (Jing et al., 2014). Moreover, the IoT paradigm is applicable in many domains, such as smart cities, healthcare, SGs, and intelligent transportation. These devices must communicate with each other and with different objects, including human beings. Every communication type must be
Future directions
The IoT development faces many security, trust, and infrastructure challenges. The aforementioned challenges must be addressed for the IoT to be accepted and fully deployed (Whitmore et al., 2014). Most IoT devices are typically wireless (Raza et al., 2013b), and securing these devices is essential. Security problems are fundamental in the IoT because they can occur at different layers. Different security properties, such as confidentiality, integrity, authentication, authorization,
Conclusion
The IoT has recently emerged as an important research topic. It provides the integration of different sensors and objects to communicate specifically with each other without human interference. Moreover, the requirements for the large-scale deployment of the IoT are increasing rapidly with major security concerns. We presented a comprehensive review of the state-of-the-art IoT security threats and vulnerabilities. We classified the IoT by presenting the taxonomy of the current security threats
References (113)
- An end-to-end secure key management protocol for e-health applications. Comput. Electr. Eng. (2015)
- Secure and dependable software defined networks. J. Netw. Comput. Appl. (2016)
- The internet of things: a survey. Comput. Netw. (2010)
- Extracting trust information from security system of a service. J. Netw. Comput. Appl. (2012)
- Security issues and challenges for the IoT-based smart grid. Procedia Comput. Sci. (2014)
- The internet of things vision: key features, applications and open issues. Comput. Commun. (2014)
- Integration of cloud computing and internet of things: a survey. Future Gener. Comput. Syst. (2016)
- An empirical study of the rise of big data in business scholarship. Int. J. Inf. Manag. (2016)
- Smart city architecture and its applications based on IoT. Procedia Comput. Sci. (2015)
- Internet of Things (IoT): a vision, architectural elements, and future directions. Future Gener. Comput. Syst. (2013)
- A survey of trust computation models for service management in internet of things systems. Comput. Commun.
- The role of big data in smart city. Int. J. Inf. Manag.
- SAFIR: secure access framework for IoT-enabled services on smart buildings. J. Comput. Syst. Sci.
- A secure and scalable storage system for aggregate data in IoT. Future Gener. Comput. Syst.
- DTLS based security and two-way authentication for the Internet of Things. Ad Hoc Netw.
- Trust management systems for wireless sensor networks: best practices. Comput. Commun.
- A lightweight message authentication scheme for Smart Grid communications in power sector. Comput. Electr. Eng.
- Securing the Internet of Things. Comput. Fraud Secur.
- Internet of things: vision, applications and research challenges. Ad Hoc Netw.
- SEA: a secure and efficient authentication and authorization architecture for IoT-based healthcare using smart gateways. Procedia Comput. Sci.
- SecKit: a Model-based Security Toolkit for the Internet of Things. Comput. Secur.
- Calvin – merging cloud and IoT. Procedia Comput. Sci.
- SVELTE: real-time intrusion detection in the Internet of Things. Ad Hoc Netw.
- Key management systems for sensor networks in the context of the Internet of Things. Comput. Electr. Eng.
- On the features and challenges of security and privacy in distributed Internet of Things. Comput. Netw.
- Security, privacy and trust in Internet of Things: The road ahead. Comput. Netw.
- A secure and quality-aware prototypical architecture for the Internet of Things. Inf. Syst.
- OSCAR: object security architecture for the Internet of Things. Ad Hoc Netw.
- Internet of things: a survey on enabling technologies, protocols, and applications. IEEE Commun. Surv. Tutor.
- CAR Approach for the Internet of Things. Can. J. Electr. Comput. Eng.
- Internet of things: applications and challenges in technology and standardization. Wirel. Personal. Commun.
- LIMERIC: a linear message rate control algorithm for DSRC congestion control. IEEE Trans. Veh. Technol., Appear fall
- A visualization platform for internet of things in manufacturing applications. Internet Res.
- An authentication framework for hierarchical ad hoc sensor networks. Proc. ACM Workshop Wirel. Secur. - WiSe ’
- Secure communication for smart IoT objects: protocol stacks, use cases and practical examples. World Wirel., Mob. Multimed. Netw. (WoWMoM)
- On the integration of cloud computing and internet of things. Future Gener. Comput. Syst.
- Mobile multimedia sensor networks: architecture and routing. EURASIP J. Wirel. Commun. Netw.
- Threat implications of the internet of things. Econ. Internet Things Effic. Priv.
- Internet of things in industries: a survey. IEEE Trans. Ind. Informatics
Cited by (888)
- Detecting malicious proxy nodes during IoT network joining phase. 2024, Computer Networks
- Combo-Chain: Towards a hierarchical attribute-based access control system for IoT with smart contract and sharding technique. 2024, Internet of Things (Netherlands)
- A lightweight security model for ensuring patient privacy and confidentiality in telehealth applications. 2024, Computers in Human Behavior
- Survey and classification of Dos and DDos attack detection and validation approaches for IoT environments. 2024, Internet of Things (Netherlands)
- ASSOCIATE: A simulator for assessing soft security in the Cognitive Internet of Things. 2024, Computer Communications