The Internet of Things (IoT) represents a revolutionary paradigm, enabling a vast array of devices to be ubiquitously interconnected via the Internet, thereby facilitating remote control and management of these devices. This pervasive integration into daily life brings significant convenience but also raises substantial concerns regarding the security of personal data collected and stored online. As the number of connected devices grows, the urgency to address privacy and security issues becomes paramount. IoT systems are particularly susceptible to threats that could compromise consumer privacy and security, affecting their practical deployment. Recent research efforts have focused on enhancing the security of IoT devices, including the exploration of blockchain technologies to mitigate these concerns. This paper aims to elucidate the security and privacy challenges inherent in IoT systems by examining vulnerabilities at each layer of the IoT protocol stack. It identifies key security requirements and reviews existing solutions designed to protect IoT systems from a layered perspective, thereby providing a comprehensive overview of the current landscape of IoT security and highlighting the critical need for robust security measures as the adoption of IoT continues to expand.