The Internet of Things (IoT) encompasses a wide range of application domains, including home, health, manufacturing and supply chain, agriculture, transportation, city and utilities. Physical devices in these domains are increasingly being connected to each other and the Internet [1
]. These devices include home IoT devices, such as smart door locks, thermostats and appliances, connected cars, wearables, health-related devices, such as glucose monitoring systems and pacemakers, industrial devices, such as manufacturing sensor networks and supply chain radio frequency identification (RFID) tags, agricultural devices, such as greenhouse sensors and irrigation controllers, and city services, such as street lighting and water distribution systems [2
The IoT presents many benefits to individuals, organizations and municipalities alike. Devices that make home life more convenient are available and inexpensive, and remote sensors can monitor areas that are difficult to access [3
]. Smart city IoT technology allows municipalities to track energy consumption and monitor the environment [4
]. In both hospital settings and remote care monitoring, medical IoT devices can improve patient outcomes and reduce human errors [5
]. The proliferation of IoT devices across application domains has attracted interest on many fronts, including investors, business and academia [3
However, the IoT also presents challenges to security and privacy. Firstly, the hardware used to power the IoT is very limited compared to traditional IT devices like desktops, laptops and smartphones. IoT hardware has limited memory and processing capacity, from tens of kB of RAM at the lowest end sensors, to devices like the Raspberry Pi that can run an operating system [6
]. While traditional IT devices can be updated, IoT devices usually do not allow updates by the user [7
] and are also usually not subject to regular security patches and updates [8
]. Limited processing capacity also limits the ability to run typical cryptographic protocols. The heterogeneity of device hardware and protocols makes it difficult to have a unified security solution [7
]. Secondly, the vast amount of data collected by IoT devices gives rise to privacy concerns. New smart devices promise convenience and better living, but the variety and quantity of user data collected, analyzed, transported and stored at all layers of the IoT architecture is a vulnerability, allowing threats to user privacy.
A variety of approaches have been taken in defining layered IoT security architectures and frameworks. Earlier research [7
] suggested a three-layer model with Perception, Transportation and Application layers where the Perception layer represents the physical sensors and actuators, e.g., RFID tags, that interact with the physical world, the Application layer provides smart functionality to the IoT users, and the Network layer transports information between the other two layers using various wireless technologies. More recent research presents security architectures defining additional layers. A Processing layer that represents an intelligent interface between the Application and Network layers is added in [9
], where information from the Physical layer is processed through services including data mining, parallel computing and cloud computing. The authors of [10
] present a five-layer security architecture, with an End-User layer representing the IoT devices, an Edge Network layer with servers that collect, process and provide storage for data from the devices, a Core Network layer that transports the processed data from the Edge Network layer to a Service and Storage layer, with data servers, software servers, and control servers. The data servers store the data processed on the edge network for further analysis, the software servers hold applications and operating system images, and the control servers manage the data and software servers; the fifth layer is a Management layer that provides overall management of the Service and Storage layer. A six-layer end-to-end view of security architecture is provided in [11
], encompassing an application layer, a cloud layer, an information transmission layer, a gateway information layer, an internal communications layer, and an end device layer.
Attacks may target a specific layer of any security architecture framework because of vulnerabilities in that layer. In this paper, we will review attacks and security challenges on the Perception (Physical) layer, the Network layer and the Application layer. The IoT devices in the Physical layer are resource constrained and may be in an open, unprotected environment, vulnerable to physical damage, tampering and forgery attacks [7
]. The Network layer is critical to the transport of information between IoT devices and Application layer processes; Denial of Service (DoS) attacks can threaten the availability of network services [15
] and vulnerabilities in the wireless protocols lead to additional security threats [13
]. The Application layer that processes data from the IoT devices and provides smart functionality to users is vulnerable to exploits of software errors, application protocol weaknesses and permissions [13
Security is of utmost importance in the IoT, especially in application domains that have systems critical to individual and community safety [17
]. For example, connected cars and smart transportation systems need to be secure to prevent accidents and injury, as well as to protect the privacy of drivers who might be tracked as they travel on the roads [18
]. Medical and health monitoring devices need to be secure to ensure that the information the devices monitor, collect, or report is correct and that life critical devices remain available and operating [19
]. Researchers were able to breach an IoT-connected camera and retrieve images [20
]. This kind of security breach can pose a threat to both individual privacy and corporate secrecy depending on the location of the camera. IoT devices can not only be the target of attack, but they can be harnessed to attack another system [21
], just as traditional computers have been recruited into botnets to launch attacks.
There are three basic security requirements, confidentiality, integrity and availability, commonly known as the Confidentiality, Integrity and Availability (CIA) triad [22
]. These security principles apply to the IoT as they do to the Internet as a whole [23
]. If there is a loss of any one of these basic requirements, there is some impact to the individual or organization involved. The National Institute of Standards and Technology (NIST) provides definitions for Low, Moderate and High potential impacts due to loss of confidentiality, integrity or availability in FIPS 199 [24
]. A loss of availability in one IoT application might not have the same impact as a similar loss in another IoT application [25
]. In addition to providing a taxonomy of attacks by Perception (Physical), Network, and Application layers, we will consider the potential impact of attacks on the CIA triad according to the NIST definitions in a representative IoT device.
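The FIPS 199 classification described above can be made concrete with a short Python example. It is added here and is not code from the paper: the two devices, the attack names and every rating are constructed for illustration, and the helper names are hypothetical. It derives each device's security category as the per-objective high-water mark over the assessed attacks and shows how the same denial of service attack rates differently on two devices.

```python
from dataclasses import dataclass
from enum import IntEnum


class Impact(IntEnum):
    NOT_APPLICABLE = 0  # FIPS 199 permits this value for confidentiality only
    LOW = 1
    MODERATE = 2
    HIGH = 3


OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class AttackAssessment:
    attack: str
    layer: str  # "Perception", "Network" or "Application"
    confidentiality: Impact
    integrity: Impact
    availability: Impact

    def __post_init__(self):
        # Integrity and availability must always receive LOW, MODERATE or HIGH.
        for objective in ("integrity", "availability"):
            if getattr(self, objective) is Impact.NOT_APPLICABLE:
                raise ValueError(f"{objective} cannot be NOT_APPLICABLE")


def security_category(assessments):
    """Per-objective high-water mark over all assessed attacks."""
    if not assessments:
        raise ValueError("at least one assessment is required")
    return {o: max(getattr(a, o) for a in assessments) for o in OBJECTIVES}


def overall_level(category):
    """Single system level: highest of the three objectives (FIPS 200)."""
    return max(category.values())


def worst_by_layer(assessments):
    """Highest impact reached by any attack on each architecture layer."""
    worst = {}
    for a in assessments:
        level = max(getattr(a, o) for o in OBJECTIVES)
        worst[a.layer] = max(worst.get(a.layer, Impact.NOT_APPLICABLE), level)
    return worst


def format_sc(name, category):
    """Render the category in the SC = {(objective, impact), ...} notation."""
    parts = ", ".join(
        f"({o}, {category[o].name.replace('_', ' ')})" for o in OBJECTIVES
    )
    return f"SC {name} = {{{parts}}}"


L, M, H, NA = Impact.LOW, Impact.MODERATE, Impact.HIGH, Impact.NOT_APPLICABLE

# Constructed ratings for two devices; not taken from the paper or from NIST.
THERMOSTAT = [
    AttackAssessment("node tampering", "Perception", L, M, L),
    AttackAssessment("denial of service", "Network", NA, L, M),
    AttackAssessment("software error exploit", "Application", M, M, L),
]
PACEMAKER = [
    AttackAssessment("node tampering", "Perception", L, H, H),
    AttackAssessment("denial of service", "Network", NA, L, H),
    AttackAssessment("software error exploit", "Application", M, H, H),
]

if __name__ == "__main__":
    for name, device in (("thermostat", THERMOSTAT), ("pacemaker", PACEMAKER)):
        category = security_category(device)
        print(format_sc(name, category), "->", overall_level(category).name)
        for layer, level in worst_by_layer(device).items():
            print(f"  {layer}: {level.name}")
```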
While mitigation and countermeasures can be taken for a specific attack, because of the interconnectedness and heterogeneity of the IoT network, a security strategy should take a more comprehensive, multi- and cross-layer approach [7
]. Trade-offs between functionality and constrained device capabilities can be made across architecture layers [26
]. Cryptography and encryption can provide confidentiality and integrity of data on devices and of data as it is transported through the network [29
]. Blockchain networks have also been presented as a multi-layer countermeasure to provide security to IoT [32
]. End-to-end security is a comprehensive mitigation approach to protect wireless communication between devices, adapted to the specific protocols in use [34
]. Authentication applies to all layers, to verify and identify devices prior to sending or receiving data [35
] and user identity, using various techniques, including access controls [36
]. Given the heterogeneous nature of the IoT environment, standardization of protocols across devices and networks can mitigate security threats [30
]. Addressing security countermeasures, including standardization, is a current open area of research for IoT.
In addition to discussing recent surveys on IoT security, this paper makes the following contributions:
Review the latest related studies on security and privacy in IoT;
Discuss proposals for IoT security architectures and frameworks in recent literature;
Provide a taxonomy of attacks on IoT;
Present a classification of the impact of attacks according to NIST’s FIPS 199 definitions on loss of Confidentiality, Integrity and Availability (CIA) due to attacks on select smart devices;
Discuss a multi-faceted approach to mitigation and countermeasures in IoT security;
Allocate a section to open research areas pertaining to the IoT ecosystem.
The rest of this paper is organized into the following sections: Section 2 provides an overview of IoT; related work is presented in Section 3; the need for security is explored in Section 4; Section 5 discusses IoT security architecture and frameworks; Section 6 provides a taxonomy of attacks, threats and vulnerabilities in IoT and possible impact of attacks on CIA security objectives; mitigation and countermeasures are discussed in Section 7; Section 8 reviews current open research areas; the paper concludes and comments on future work in Section 9.
3. Related Work
Many surveys have focused on IoT security and privacy in the past five years. The authors of [67
] selected and surveyed commercially available and frequently used IoT programming frameworks from major cloud providers that supported rapid IoT application development. They compared the approaches taken to security and privacy at the programming level of the frameworks. They found that the frameworks did support security to some degree, but design flaws could cause security issues and the frameworks did not adequately consider the vast number of microcontrollers with minimal hardware security present in the IoT network.
], Machine-to-Machine (M2M) applications are enumerated in major application domains, including Automotive, e-Health, Smart Metering, City Automation and Home Automation. A taxonomy of attacks against M2M is presented, categorized by the target of the attack, whether physical, logical or data. Scalability, heterogeneity, constrained resources, and a variety of end-to-end communication protocols are identified as challenges for M2M. The authors note that while most existing solutions addressed authentication and privacy, they did not address confidentiality.
The IoT is represented by three layers, Application, Transportation, and Perception in [7
], and for each layer they enumerate the potential attack types. They also review communication protocols, security issues and possible solutions by layer. They find that the Perception layer is the most vulnerable due to the physical availability of these devices that sense and monitor in the IoT environment. The difference between traditional IT security requirements and IoT security requirements is also discussed and the need for a multi-layer and cross-layer approach to security is advocated.
The authors in [69
] provide a comprehensive survey of attacks on IoT networks, covering both common and specific types of attacks in IoT applications. They focus on Smart Home, Smart Grid and Vehicular Ad hoc Network (VANET) applications in IoT and the related wireless networking technologies. They provide a taxonomy of attacks between each of these applications and the relevant wireless network, as well as classifying those attacks. They review existing solutions and find no common solution that would apply to all attacks, leading them to recommend more sophisticated schemes, including cryptography specifically adapted to the resource-constrained IoT devices.
IoT applications in the domains of Industry, Personal Medical Devices, and Smart Home are discussed in [70
], along with general IoT security requirements to protect data privacy and security. They find that most security threats to IoT are related to data leakage and loss of service. They also describe threats to Smart Home and classify different types of attacks by threat level, from low to extremely high, including possible solutions.
IoT in healthcare is the focus of [5
] with applications categorized by healthcare setting, including clinical care, remote monitoring, and context awareness. They present the network topology of healthcare IoT networks and describe frameworks for health information service models and Wide Body Area Networks (WBAN) for healthcare applications, noting that there are no well-defined architectures in IoT in healthcare [50
]. They identify challenges for healthcare in IoT, including scalability, data privacy and security, and low-powered devices, and enumerate requirements for WBAN in IoT in healthcare [50
Blockchain as a security solution for IoT is discussed in [61
]. A taxonomy of security issues by layer is provided. Security issues and potential solutions are categorized by groupings of the layers of the protocol stack, with low level including the Hardware, Physical and Data Link layers, intermediate level including Network and Transport layers, and high level encompassing the Application layer. Blockchain-based solutions are discussed, though they note that blockchain itself is not without vulnerabilities.
The authors of [15
] describe a three-layer IoT architecture divided between Perception, Network and Application layers and posit that the security goals of confidentiality, integrity, and availability (CIA-triad) apply to the IoT. They divide security challenges into two categories: technological, which contains challenges such as the heterogeneity of IoT hardware, wireless networking technologies and scalability, and security, which contains the CIA-triad and end-to-end security. Security challenges are discussed by layer, as are countermeasures, including authentication, trust establishment, federated architecture, and security awareness.
An overview of IoT architecture and the interoperability of interconnected networks is provided in [71
], as well as an analysis of security issues and mitigation strategies. They believe that the ease in conducting attacks against IoT is a significant threat. They discuss security constraints for hardware, software and networks, and present requirements for information security, access level security, and functional security. A taxonomy of attacks is categorized by device properties, adversary location, access level, attack strategy, and damage level, as well as by host and protocol.
The authors in [72
] discuss security goals and requirements for IoT, including data confidentiality, privacy and trust, while also providing a background of threats, attacks and vulnerabilities pertaining to IoT system components. They also provide an analysis of the motivations and capabilities of the intruders who would threaten the IoT. Intruders are classified into three main types, individuals, organized criminal groups, and state intelligence units; the motivation and capabilities of each are discussed.
Classification of the IoT in a corporate environment into four component layers, including connected objects, transportation, storage and data mining, API and GUI, is done in [73
], with multiple technologies possible in each layer. A taxonomy of threats and attacks for each of these components is provided. A case study is undertaken to demonstrate the operation of these components in connected thermostat devices, offering threat scenarios and corresponding mitigation measures, showing how an attacker could compromise one layer and use the trust between layers to gain access to additional resources.
A taxonomy and comparison of smart technologies in a host of application domains, Smart Cities, Smart Homes, Smart Grid, Smart Building, Smart Transportation, Smart Health, and Smart Industry, is discussed in [74
], along with the objectives and characteristics of each smart technology. The authors believe that the unique capabilities of the IoT and smart technologies bring new opportunities to businesses and consumers. They present case studies from four countries that they believe were successful examples of IoT and smart technology use to improve life, safety, efficiency and environmental monitoring.
An end-to-end view of IoT is taken in [20
], where the authors describe three main components, things, cloud, and controllers, where the cloud serves as a middleman for the things and controllers. The authors define ten major functionalities in their end-to-end view, including upgrading, pairing, binding, local and remote authentication and control, relay and big data analytics by cloud, and sensing and notification. They argue that security in IoT needs to be considered across five dimensions, hardware, software, OS/firmware, networking, and data. A detailed analysis of a connected camera system’s functionalities and communications between the three main components is made, as well as a discussion of their implementation of remote attacks that successfully gave them control of the camera.
The authors of [75
] believe that understanding the difference between traditional IT systems and cyber-physical systems is important to comprehending the security requirements of cyber-physical systems. A proposal of a cyber-physical system model with three parts, (i) physical, for those devices that directly connect with the physical world, (ii) cyber-physical, where connections between the physical and cyber worlds are made, and (iii) cyber, which has no connection to the physical world, is made. They present a comprehensive review of cyber-physical systems, choosing four major applications, Industrial Control Systems (SCADA), Smart Grid, Medical Devices, and Smart Cars, as representative systems for further analysis. A review of general threats applicable to cyber-physical systems in general, as well as threats targeted to each of the four major applications, is made, including the source, target, motivation, attack vector, and possible consequence of each attack. The causes of general and application-specific vulnerabilities, examples of real-life attacks, and controls are also discussed.
A comparison of IoT reference models, the early three-level model, the alternative five-level model, and the CISCO seven-level model is made in [76
]. A detailed taxonomy of attacks, security requirements, and countermeasures is made for the Edge-side levels, including Edge Nodes, Communication, and Edge Computing (Fog). The authors believe that the traditional CIA-triad of confidentiality, integrity, and availability is not sufficient to provide full security in IoT and thus consider the expanded IAS-Octave security requirements in their discussion of attacks and countermeasures. They see the enormous growth of insecure IoT devices in the wild and the privacy implications to the vast amount of data present in the IoT environment as major challenges to be addressed.
IoT applications are classified into major application domains and the critical security issues relevant to each domain are discussed in [77
]. They divide IoT applications themselves into four main layers, including Application, Middleware, Network, and Sensing. For each of these layers, including the Gateways that connect them, they present the various attacks and security issues to which the layer is susceptible. Because of the heterogeneity of the IoT infrastructure and the high level of connectedness between IoT devices and systems, the authors believe major improvements are needed to make IoT secure and to protect the large amount of private information generated by devices. They categorize existing IoT security solutions into four distinct approaches, blockchain, fog computing, edge computing, and machine learning. For each of these approaches to IoT security, they present the particular security issues that the solution can address, but they also acknowledge that these solutions are not without their own security issues.
A comprehensive look at IoT security is presented in [78
]. The services and protocols in the layers of the IoT protocol stack they categorize as Semantics, Application, MAC/Adaptation/Network, and Physical/Perception are enumerated. Threats to IoT in general and at each of the four layers are detailed. A major contribution of this survey is a review of major malware attacks on IoT devices and an analysis of the malware attack methodology, from the preparatory phase, through the infiltration, execution and propagation phases, to finally the hideout and clean-up phase. The authors see current IoT security as inadequate against these malware attacks and so propose guidelines for an IoT security framework that would provide comprehensive security for IoT. Each security measure in the proposed framework is designed to counter a particular threat to IoT.
The authors in [25
] propose a taxonomy of vulnerabilities in IoT grouped into nine classes that include weaknesses in the hardware, software, and resources available in the IoT system. They examine the vulnerabilities in the context of layers, security impact, attacks, countermeasures, and situational awareness capabilities. As part of this examination, they consider impact and attacks on the general security principles of confidentiality, integrity and availability. A unique contribution of this survey is an empirical analysis of darknet data passively collected from a /8 network telescope. This data is correlated with third-party information to determine the number of unique devices, manufacturers of the devices, countries of traffic origin, and the business sectors involved.
], the authors approach IoT as a security object to be protected and detail specific IoT properties that are critical to security. They present vulnerabilities according to the particular IoT asset or property being targeted by attackers as well as enumerating IoT device vulnerabilities recorded in the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). Among the components of IoT that they see as security objects to be protected are data, devices, communications, applications and clouds. They propose a combination of hardware and software solutions as well as proper access control, organizational policies and shared threat detection and intelligence for IoT information security.
Viewing the IoT as a collection of features that are representative of IoT devices as opposed to traditional IT devices is the approach taken in [80
]. These features include aspects of IoT devices, such as constrained, unattended, mobile, ubiquitous, diversity, myriad, intimacy and interdependence, that have an impact on security and privacy. These features relate to the vast number of connected devices in a heterogeneous technical and application environment. Threats, challenges and solutions for each feature are described. The authors conclude that vulnerabilities related to the features they call “constrained” and “interdependence” would be exploited by attackers more in the future.
The authors in [81
] propose a four-layer reference model, with each layer, Cloud, Network, Edge Computing and Perception, having a set of building blocks. In developing an IoT attack model they take a multi-layer approach, considering the general building block types, including physical objects, protocols, data, and software, as IoT assets. After identifying attack surfaces by building block asset and IoT security requirements, including confidentiality, integrity and availability, as well as the extended IAS-octave, the authors present a taxonomy of attacks, compromised security requirements and countermeasures by each building block asset category.
A different approach to IoT security is taken in [56
]. Instead of dividing the IoT into layers by technological function, the authors consider the various actors, relationships and interactions in the IoT. This systemic and cognitive approach is presented as a tetrahedron with four nodes representing the person, the intelligent object or device, the process, and the technical ecosystem. The edges between the nodes reflect the relationships and tensions between them. This theoretical model is further illustrated by a case study in the Smart Manufacturing application domain. The edges that relate to security are presented in more detail, including privacy, trust, identification and access control. The authors believe the increased expectation for objects and networks to be intelligent and act on their own requires IoT security to become more context aware, adaptive and similarly autonomous.
], the authors focus on nine major application domains of IoT, including smart healthcare, grid, home, wearables, transportation, manufacturing, agriculture, supply chain and city. For each of these application domains, they present security requirements, including confidentiality, integrity and availability, as well as the extended IAS-Octave. Additionally, system models, threat models that include the comparative level of threats, and protocols and technologies applicable to each application domain are presented in detail. Solutions to address the limitations of IoT devices, namely their low power and capacity, are discussed, including cryptographic primitives, authentication protocols, hardware, application-specific, and current lightweight solutions.
Finally, most IoT surveys have focused on IoT devices as the target of attacks. The authors of [21
] consider the IoT device as the enabling force in an attack on another target that is not necessarily another IoT device. The authors limit their work to verified attacks, whether they occurred in the real world or were produced by researchers. Their model of IoT-enabled attacks includes the adversary, the IoT device, and the actual target, which is typically a critical system. The access, means and motivation of the adversary are examined, as are the vulnerabilities at different IoT system layers and the direct, indirect and non-existent connections between the IoT device and the target system. They propose a risk methodology that assesses threat, vulnerability and impact levels to provide a risk profile for different IoT systems. Attacks in IoT application domains SCADA, Smart Power Grids, Intelligent Transportation Systems, E-Health and Medical Systems, and Smart Home and Automation are analyzed, with the authors finding that the closeness of device and target, exploitation of network and physical communication, and the extension of IoT device functionality played a role in the viability of an attack across all of the aforementioned application domains.
5. IoT Security Architectures and Frameworks
Urien proposes a four-quarter security architecture, based on a secure element [87
]. It uses an Arduino board as a General Purpose Unit (GPU) to coordinate three subsystems: a WiFi SoC in charge of communication, a secure element (SE) performing TLS protocol operations and defining object identity, and sensors and actuators. The GPU has a limited SRAM size of 8 KB, which is the most critical resource. The entire system is controlled using a mobile app. The WiFi unit implements the IEEE 802.11i security protocol and provides a TCP/IP stack with client and server features. The SE has a smartcard form factor, supports a Java Virtual Machine (JVM), and runs software written in the Javacard language. The system uses a digital temperature sensor for the sensors and actuators unit.
Liu et al. propose a four-layer security architecture consisting, top-to-bottom, of information application security at the application layer, information processing security at the processing layer, information transmission security at the network layer, and information processing security at the perceptual layer [9
Protection at the perceptual layer is in the form of physical security of the sensing devices themselves, authentication, and Wireless Sensor Network (WSN) security [49
]. Authentication can be done using asymmetric encryption to ensure the security of a node’s ID. Some of the attacks on a WSN include fake routing information, selective forwarding and black hole attacks [49
]. Mitigating methods include integrated security policies such as encryption algorithms, key distribution strategies, intrusion detection mechanisms, and secure multi-path routing strategies.
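As an added illustration of the intrusion detection mitigation named above (this is not code from Liu et al. or from this survey), the following Python example flags nodes whose relaying behaviour is consistent with a black hole or selective forwarding attack. The watchdog log format, node names and thresholds are all assumptions made for the example, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Assumed record format: a neighbouring "watcher" overhears whether "node"
# relayed a packet from "src" that was handed to it.
LINE_RE = re.compile(
    r"^watcher=(\S+) node=(\S+) src=(\S+) seq=(\d+) action=(FWD|DROP)$")


def build_sample_log():
    """Constructed observations for four relay nodes (n5 to n8)."""
    lines = []
    for seq in range(20):
        for src in ("n1", "n2"):
            # n5 is healthy; its watcher misses two relays of n2 traffic.
            missed = src == "n2" and seq % 10 == 0
            act = "DROP" if missed else "FWD"
            lines.append(f"watcher=n3 node=n5 src={src} seq={seq} action={act}")
            # n6 relays nothing: black hole behaviour.
            lines.append(f"watcher=n4 node=n6 src={src} seq={seq} action=DROP")
            # n7 silently drops only traffic from n1: selective forwarding.
            act = "DROP" if src == "n1" else "FWD"
            lines.append(f"watcher=n4 node=n7 src={src} seq={seq} action={act}")
    # A second watcher did overhear one relay that n3 missed.
    lines.append("watcher=n9 node=n5 src=n2 seq=0 action=FWD")
    lines.append("watcher=n3 node=n8 src=n1 seq=0 action=DROP")  # one sample only
    lines.append("corrupted record")
    return lines


def analyse(lines, min_samples=20, blackhole_max=0.05, normal_min=0.8):
    """Return {node: {"verdict", "ratio", "targeted"}} from watchdog records.

    Thresholds are illustrative; real links lose packets, so they need tuning.
    """
    # packets[node][(src, seq)] becomes True once any watcher saw the relay,
    # so one watcher missing a transmission does not count as a drop.
    packets = defaultdict(dict)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed records instead of guessing
        _watcher, node, src, seq, action = m.groups()
        key = (src, int(seq))
        packets[node][key] = packets[node].get(key, False) or action == "FWD"

    report = {}
    for node, seen in packets.items():
        total = len(seen)
        ratio = sum(seen.values()) / total
        per_src = defaultdict(lambda: [0, 0])  # src -> [forwarded, total]
        for (src, _seq), forwarded in seen.items():
            per_src[src][0] += forwarded
            per_src[src][1] += 1
        if total < min_samples:
            verdict = "insufficient_data"
        elif ratio <= blackhole_max:
            verdict = "blackhole_suspect"
        elif ratio < normal_min:
            verdict = "selective_forwarding_suspect"
        else:
            verdict = "normal"
        # For selective forwarding, name the sources that are almost never relayed.
        targeted = sorted(
            s for s, (f, t) in per_src.items()
            if verdict == "selective_forwarding_suspect" and f / t <= blackhole_max)
        report[node] = {"verdict": verdict, "ratio": ratio, "targeted": targeted}
    return report


if __name__ == "__main__":
    for node, result in sorted(analyse(build_sample_log()).items()):
        print(node, result)
```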
At the network layer, issues of longer-distance transmission, such as mobile communication networks and long-distance cable networks, are tackled. Issues to account for include the denial of service attacks, unauthorized access, man-in-the-middle attacks, and virus attacks. The processing layer acting as an interface between the network and the application layers needs to ensure data integrity and confidentiality.
Obaidat et al. propose a six-layer security architecture [11] consisting, top-to-bottom, of application security, cloud security, information transmission security, gateway information security, internal communications security, and end-device security. At the application layer, they identify authentication as the most important, yet often overlooked, mechanism to employ. The cloud layer is to address data protection, privacy policies, and secure connections. The information transmission security layer handles reliable secure communication throughout the system. This includes wired, wireless and mobile networks. The gateway information security layer handles heterogeneity at the network edge using control and protocol security. Internal communications security handles security under the perimeter. Finally, the end-device security layer ensures physical IoT-device security. It is worth mentioning that the architecture is based on an end-to-end security framework.
Sridhar and Smys propose an end-to-end security architecture [34]. They address the three domains of the communication in an IoT infrastructure, namely, the sensing device domain, network domain, and cloud domain. Mutual authentication is achieved through an authentication-delegation process. Key management is accomplished using a dedicated Master Key Repository. Communication between nodes and device gateway and between device gateway and cloud service gateway is conducted using symmetric encryption, while communication of these gateways with the Master Key Repository is done using asymmetric encryption. The repository generates a key pair and shares its public key with the gateways via a one-time handshake. Lee et al. proposed a three-factor mutual authentication protocol for multi-gateway IoT environments to solve the existing security weaknesses in two-factor authentication protocols [46]. The proposed scheme protects the IoT ecosystem against existing threats such as user impersonation attacks, gateway spoofing attacks, and session key disclosure [46]. Due to resource limitations in IoT, a lightweight authentication mechanism is needed. Yu et al., in [88], proposed a secure and lightweight three-factor authentication scheme for IoT in a cloud computing environment to secure IoT devices against attacks that were not addressed by previous mechanisms, such as session key disclosure, replay attacks and user impersonation. In addition, it provides mutual authentication and anonymity.
Olivier et al. propose an IoT security architecture based on software-defined networking (SDN) [89]. The architecture is meant for securing wired, wireless, ad hoc networks, and object networking (devices such as sensors, tablets, smart phones and the like).
The network is assumed to be heterogeneous, with nodes that have more resources being SDN-capable, while others with limited resources are not. Nodes with limited resources are assumed to be in the vicinity of an SDN-capable node. The larger network is referred to as an extended SDN domain that is divided into multiple domains, where a domain represents an enterprise network or a data center. Each domain can have one or more controllers for managing the devices within that domain. To allow for scalability, the authors introduce a Border Controller that sits at the edge of each domain. The architecture is not hierarchical; rather, control functions are not distributed on multiple controllers, while routing functions and security rules are distributed across edge controllers.
Each SDN domain has its own security policies and management strategy. SDN controllers are responsible for authenticating network devices, and once a device is authenticated, a controller will push the appropriate flow entries to the access switch. As opposed a master/slave model, all border controllers follow equal interaction mode having read/write access to the switch. This means they have to synchronize their operations.
Edge controllers are also responsible for establishing connections and exchanging information with other SDN border controllers. An edge controller exchanges its security rules with controllers of other domains following a concept of a grid of security.
Unlike other SDN-based schemes that assume a single controller and hence a single point of failure in case the controller is attacked, this scheme uses edge controllers working together in a distributed fashion in order to guarantee the independence of each domain in case of failure.
Ling et al. present an end-to-end view of IoT security meant as a guide to design a secure and privacy-preserving IoT system [20]. By focusing on standalone IoT systems consisting of three components (thing, controller and cloud) they identify 10 basic IoT functionalities related to security and privacy. These functionalities are listed and described in Table 5.
To secure an IoT system, the authors identify five dimensions: hardware, operating system and firmware, software, networking and data generated and maintained within the system. The 10 functionalities span these five dimensions.
As a case study, the exploitation of an IP camera system manufactured by Edimax is presented under this view of IoT security and privacy. They focus on remote attacks when the controller is away from the home network. Using three types of attacks, they are able to remotely control any camera. These attacks are: device scanning attack, brute force attack, and device spoofing attack.
By identifying two major challenges in IoT networks, Guo et al. propose a five-layer IoT architecture [10]. The first of these challenges is interoperability, due to the high degree of disparity between different nodes in terms of hardware architecture, embedded operating system, applications and functionalities. The second is management of both devices and resources. An example of the first is the need to update software and settings while an example of the latter is the ability to gather data from myriad devices in a timely manner.
The authors propose centralized management of resources including operating system (OS), applications, and data, while improving scalability using transparent computing (TC). TC refers to the decoupling of the software stack from the underlying hardware and separating computing unit from storage. In this model, OS, applications and data are considered resources that can be centrally managed and scheduled by the server. Prior to such scheduling, an IoT device acts as a lightweight terminal with no OS, yet is capable of executing small segments of code or data as demanded by the server (called block-streaming).
The architecture consists of five layers: the end-user layer, edge network layer, core network layer, service and storage layer, and management layer. The end-user layer is comprised of the IoT devices running resident software such as MetaOS, such that they are capable of booting various operating systems as instructed by the edge network layer.
The edge network layer is made of devices such as servers. They perform two types of tasks: (a) collecting and processing user data gathered by the end-user layer, with processed data sent to the service and storage layer through the network layer, and (b) providing computing and storage services to IoT devices. The core network layer provides the communication infrastructure and is used for communication between the edge network layer and service and storage layer.
The service and storage layer consists of different types of servers: data servers store data received from the edge network layer and provide such data for analysis; software servers store OS images and applications to make available to IoT and edge devices; and control servers control and manage both data and software servers. The management layer manages service and storage layer servers, and assigns tasks to the control server, such as adding and updating software.
Liu et al. propose a security framework for IoT based on a future Internet architecture named MobilityFirst [91]. MobilityFirst addresses, among many others, two major issues with the Internet of today: mobility at scale and security. These are achieved by cleanly separating human-readable names, globally unique identifiers (GUIDs), and network location information. To that end, two services are used: a name certification and resolution service (NCRS) securely binds a human-readable name to a GUID, while a global name resolution service (GNRS) securely maps a GUID to a network address (NA). By allowing the GUID to be a cryptographically verifiable identifier (e.g., a public key), trustworthiness is improved. Separation of the location information (NA) from the identity (GUID) enables users to request content by name without worrying about the current network address. This results in seamless mobility at scale.
The authors adopt the MobilityFirst architecture in addressing IoT needs in terms of scalability, mobility, content retrieval, inter-operability, and security. While many of these are clearly needed in an IoT setting, mobile IoT may not be. A mobile IoT application scenario is Vehicular Ad hoc Networks (VANETs). Sensors can be installed in moving vehicles to collect data and make it available to relevant applications through the underlying IoT infrastructure.
The authors propose a framework comprised of four components: devices, applications, MobilityFirst network, and IoT middleware, as shown in Figure 4. Devices are the things of the IoT network, capable of sensing, actuating and communicating. Applications are used by users both to consume data after it has been processed and to feed data back into the system.
The IoT middleware is further divided into three functional layers, Aggregator, Local Service Gateway (LSG), and the IoT server. The aggregator provides sensor abstraction hiding the hardware specifics for the underlying sensors and presenting a unified interface for querying and subscribing to the sensor data. The aggregator passes collected raw data to the LSG layer.
The LSG connects the IoT system to the global Internet. It might process raw data provided by the aggregator for context refining and aggregation purposes. The LSG also publishes the information, along with a data GUID, access control policy, and the storage location information (either human-readable names or NA), to the IoT server. Applications (users) can query the IoT server regarding where to fetch the data from through its edge router. After that, it can fetch the data from either a storage location or directly from the aggregator. In enforcing access control, the IoT server may decide to handle it itself or delegate it to the NCRS/GNRS.
Huang et al. propose a security framework for IoT that is meant to strike a balance between security and usability [92]. Three main scenarios where user experience is important are considered: a body-area network, a home network, and a hotel network. Two additional scenarios were also considered: a logistics IoT and an office IoT. To better understand user perceptions of the importance of security vs. usability, and how willing users are to trade one for another, a survey is conducted. Users were asked about three aspects of security: authenticity, integrity, and availability.
The survey results show that while different aspects of security matter differently depending on the application, security matters to all users and in all applications. This is particularly the case when it comes to access systems and payment systems.
The proposed framework, named SecIoT, is composed of sensors that communicate to a central node, e.g., a web server, which is connected to the Internet. The central node stores, processes, and delivers data to users. Users can also control objects via this unit. The central unit also provides interoperability when communicating with other IoT networks. An all-IP 5G network is assumed, such that either the gateway or even the IoT nodes are equipped with a 5G SIM card so they are able to communicate.
Two forms of authentication are used: users when connecting to the central node to enquire or control objects, and objects when providing data to the central unit. A single-sign-on mechanism is used to authenticate users, while a Multi-channel security protocol (MCSP) is used for authenticating devices. In MCSP, a no-spoofing and no-blocking (NSB) out-of-band channel is used to communicate security properties (e.g., public key). Examples of NSB channels are emails, SMS messages, phone calls, and even face-to-face conversations. Using a user’s mobile phone or email address, it is easy to exchange public keys between the mobile phone and the IoT central service provider using, e.g., public key infrastructure.
The second component of the framework is providing a successful secure channel. This is relatively easy to accomplish once authentication takes place. The public key distributed during authentication can be used to ensure secure communication.
For authorization, role-based access control is proposed. The role is more encompassing than simply a job role. It could include the user’s context, e.g., being in the vicinity of a location, or access during business hours.
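The following added example (not code from Huang et al. or from SecIoT) shows one way a role can carry context constraints for the office IoT scenario: a permission is granted only if the time window and the vicinity check attached to the role both hold. The role names, the door object, the coordinates and the 100 m radius are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time
from math import asin, cos, radians, sin, sqrt
from typing import Optional, Tuple


def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371000 * asin(sqrt(h))


@dataclass(frozen=True)
class Role:
    permissions: frozenset                                    # (object, action) pairs
    hours: Optional[Tuple[time, time]] = None                 # allowed local-time window
    near: Optional[Tuple[Tuple[float, float], float]] = None  # ((lat, lon), radius in m)


OFFICE = (47.0000, 8.0000)  # constructed coordinates for the example

# Hypothetical roles: staff may unlock the door only on site during business hours,
# while the facility administrator role carries no context constraint.
ROLES = {
    "office_staff": Role(
        frozenset({("front_door", "unlock")}),
        hours=(time(8, 0), time(18, 0)),
        near=(OFFICE, 100.0),
    ),
    "facility_admin": Role(
        frozenset({("front_door", "unlock"), ("front_door", "configure")})
    ),
}
ASSIGNMENTS = {"alice": ("office_staff",), "bob": ("facility_admin",)}


def authorize(user, obj, action, now, position):
    """Return the name of the role that grants the request, or None (default deny)."""
    for name in ASSIGNMENTS.get(user, ()):
        role = ROLES[name]
        if (obj, action) not in role.permissions:
            continue
        if role.hours and not role.hours[0] <= now <= role.hours[1]:
            continue
        if role.near:
            centre, radius = role.near
            # A missing position cannot satisfy a vicinity constraint.
            if position is None or distance_m(position, centre) > radius:
                continue
        return name
    return None


if __name__ == "__main__":
    print(authorize("alice", "front_door", "unlock", time(10, 0), (47.0003, 8.0)))
    print(authorize("alice", "front_door", "unlock", time(22, 0), (47.0003, 8.0)))
```

A request with no position report is denied for any role that has a vicinity constraint, so a client cannot bypass the check by withholding its location.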
The last component is a risk indicator, which helps users assess their current configurations and choices in terms of security risks. The risk indicator provides information in three elements: asset identification, threat identification, and risk evaluation.
Colombo and Ferrari et al., propose Fine-Grained Access Control (FGAC) to NoSQL databases, which have been gaining popularity in the data storage and analysis layer of IoT platforms [93
]. The papers attribute this adoption of NoSQL databases in IoT to several reasons, including performance, scalability, support for handling high volumes of data, and the ease of interaction with external applications.
NoSQL databases support multiple data models, with document-oriented being the most popular. MongoDB, the most popular NoSQL datastore, follows this data model. Using this model, a database is made of collections, each collection has a number of documents within, and each document contains key-value pairs [93
A major shortcoming of NoSQL databases, however, is the poor data protection mechanism they offer; e.g., MongoDB integrates a role-based access control model operating at the collection level only. For handling sensitive IoT data, the database could greatly benefit from the integration of FGAC [95
The authors propose the integration into MongoDB of a purpose-based model operating at document level, and even at field level, which supports content- and context-based access control policies similar to those of Oracle VPD (Virtual Private Database). They also extend FGAC to map-reduce systems. An extracted key-value pair is dynamically modified on the basis of the specified FGAC policies, before the mapping phase starts the processing [93
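As an added illustration (not the authors' implementation and not MongoDB's API), the sketch below applies a purpose-based policy at document and field level to MongoDB-style documents before a map function sees them. The sample readings, the purposes, the per-field policy table and the ward-based document rule are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample collection: glucose readings stored as MongoDB-style documents.
READINGS = [
    {"_id": 1, "device": "glucose-01", "patient": "p-17", "mgdl": 110, "ward": "A"},
    {"_id": 2, "device": "glucose-02", "patient": "p-22", "mgdl": 190, "ward": "A"},
    {"_id": 3, "device": "glucose-03", "patient": "p-31", "mgdl": 95, "ward": "B"},
]

# Hypothetical field-level policy: the access purposes allowed to read each field.
# A field with no entry is readable for no purpose (default deny).
FIELD_PURPOSES = {
    "_id": {"treatment", "research", "billing"},
    "device": {"treatment"},
    "patient": {"treatment", "billing"},
    "mgdl": {"treatment", "research"},
    "ward": {"treatment", "research"},
}


def document_allowed(doc, purpose, context):
    """Hypothetical document-level rule combining content (ward) and context."""
    if purpose == "treatment":
        # Clinicians only see documents from wards they are assigned to.
        return doc.get("ward") in context.get("wards", ())
    return purpose in {"research", "billing"}


def enforce(doc, purpose, context):
    """Return the view of `doc` allowed for `purpose`, or None if it is denied."""
    if not document_allowed(doc, purpose, context):
        return None
    return {k: v for k, v in doc.items() if purpose in FIELD_PURPOSES.get(k, ())}


def map_reduce(docs, mapper, reducer, purpose, context):
    """Run a map-reduce job in which the mapper only ever receives enforced views."""
    groups = defaultdict(list)
    for doc in docs:
        view = enforce(doc, purpose, context)  # policy applied before the map phase
        if view is None:
            continue
        for key, value in mapper(view):
            groups[key].append(value)
    return {key: reducer(key, values) for key, values in groups.items()}


def glucose_by_ward(view):
    """Mapper: emit (ward, reading) when both fields survived enforcement."""
    if "ward" in view and "mgdl" in view:
        yield view["ward"], view["mgdl"]


def mean(_key, values):
    return sum(values) / len(values)


if __name__ == "__main__":
    print(map_reduce(READINGS, glucose_by_ward, mean, "research", {}))
    print(map_reduce(READINGS, glucose_by_ward, mean, "treatment", {"wards": ("B",)}))
```

Because enforcement runs inside the job driver rather than in the mapper, a mapper written for another purpose cannot read the `patient` field under the `research` purpose; it simply never receives it.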
In recent years, fog-based access control has been proposed to move the computational complexity from the core to the edge. To dynamically control context-sensitive access to cloud data resources, a novel approach was proposed in [38], which combines the benefits of fog computing and context-sensitive access control solutions. The new model reduces administrative efforts and processing overheads. For a comprehensive look at the context-aware access control schemes for cloud and fog networks as well as open research issues, the reader is encouraged to refer to the study in [39
Irshad created a review and comparison of IoT security frameworks [98]. To survey the available literature, three search phrases were used: “IoT Security Framework”, “IoT Security”, and “IoT Information Security Governance” and four security frameworks were identified and compared as a result. The results of comparing these frameworks were presented in a table format and are reproduced as shown in Table 6.
Krishna and Gnanasekaran also compare different IoT security protocols [99
]. Protocols are classified based on the layer at which they operate. Nine different schemes are compared, three at the perceptual layer, two at the network layer, and four at the application layer. These are compared in terms of the issues they address, the solution they provide, and their limitations.
Issues addressed include the life style of the elderly, absence of real-time data from nodes, and data integrity at the perceptual layer, security of home devices and device security at the network layer, and e-health information systems and environmental changes at the application layer.
8. Open Research Ideas
Current open areas of research into Internet of Things have primarily been focused on addressing countermeasures for recognized security and usability flaws. More broadly, this has included topics such as security, scalability, and standardization, as described in Figure 9. Research has been focused on areas of improvement surveyed for application in fields such as smart environments (such as cities), and healthcare. As such, there has been an emphasis on the aforementioned importance of universalized security paradigms and standardization of device operations [27
]. This has manifested in studies over proposed architectures and protocols; although there has not been a consensus on this, some proposals have been shown to be more recurrent than others, such as structural decentralization [181
] and involvement of blockchain [32
Architectural Internet of Things research has primarily been divided into two fields from a wider pool of options, three-layer architecture and SoA-based architecture [180
]. However, alternate architectural frameworks have been drafted and proposed as a result of distinct perspective issues in individual layers, such as the physical and network layers. These new architectures have largely been driven by a secure desire for standardization, especially within the field of research itself, due to dissonance in research resulting from industry fragmentation [183
The lack of standardization within the field has created a vacuum for large-scale deployability. Because of the “multidisciplinary” nature of the field, research has demanded a universal, international standardization for Internet of Things protocols and communications [27
]. Standardization, however, has proved to be a regulatory challenge because of the wide international variation in both consumer and industrial needs within the field, as well as in operations that result from legal and physical challenges, as shown for example by the impact of 5G technology and the recent trend of technology-focused digital legislation, such as the European GDPR [35
The relationship between the wider Internet and the Internet of Things has remained a tenuous topic for both security and functionality reasons. Open research has been done into the development of Web-based APIs for the purpose of devices securely accessing the web for functional reasons [185
] as well as theoretical implementation of TCP as a transport-layer protocol, based on past historical applications of such in the field [186
]. While this research exists, there has yet to be a generalized consensus on the usability of such in a wider scope. This, of course, relates back to the issue of lack of standardization, as the development and applicable testing of protocols and other proposals are predicated on their ability to be universally deployed, which is not currently viable without a consensus within the field [30
Similarly, lack of standardization is also an issue that has pervaded studies into security improvements. However, it has not had as critical an effect, because many security proposals are intrinsically proposed in a vacuum for mitigating threats within certain architectures, or as a response to certain externalities [187
]. Authentication, for example, has remained an open area of research; consensus agrees that authentication must be utilized in any secure Internet of Things architecture, but individual application of such has differed. Some open-ended papers have proposed protocols for key management schemes to strengthen resilience against cyber attacks [45
]. Other research has taken a more generalized approach, surveying threats (which have shown to be more widely agreed upon) and proposing hybrid encryption schemes to protect against both data theft and hijacking [189
]. However, besides standardized practices, other challenges are posed for Internet of Things devices compared to more traditional computing; balancing security alongside energy consumption and available resources, for example, has remained a large problem, due to the complexities of stronger encryption competing with available system resources [158
]. Looking to balance such attributes, studies have shown a sharp contrast in proposed solutions; some have proposed authentication through continuous authorization, or authentication based on direct user interaction [189
]. Other studies have taken the route of providing security through cloud, or “fog computing” solutions [183
]. Many studies, however, have incorporated security concerns into architectural proposals; this, typically, has intersected with proposals for Blockchain and decentralization [32
]. Going back to Section 3, and in particular the discussion of access control, many approaches have been proposed to provide access control.
The usage of “fog computing” as a proposed solution has spurred a diverse sector of research [190
]. The term itself, “fog computing”, refers to a computing architecture which extends cloud computing methodology through employing peer entry nodes as middle-men between communicative devices and cloud networks. Some studies focus on more peer-to-peer based implementations, while others treat fog-computing as a layer in otherwise traditional cloud-computing architectures [190
]. “Fog computing” has competed against cloud-computing within IoT spheres by providing similar security benefits while overcoming many of the challenges cloud-computing otherwise faces, such as “latency requirements” or “bandwidth” or “resource” “constraints” [190
]. Similar to cloud-computing, it allows for external and on-demand access to additional computing resources and virtual infrastructures with remote deployability and management [190
]. As this is an open field of research, however, exact implementations of fog computing are not fully agreed upon. Many of the considered benefits have overlapped between studies, but implementations have widely varied. Some studies, for example, believe that Blockchain should be used to foster fog computing paradigms [191
], while others believe that fog computing should simply act as a middleware-type framework for otherwise traditional cloud computing methods [192
]. The exact architecture is also highly debated between studies [190
]; some focus on optimized architecture for real time performance [190
], while others are focused more on synchronization between nodes [193
]. Others acknowledge the need for both synchronization and real-time efforts, but instead focus on adjacent implementations, such as sensor virtualizations [190
While both Blockchain and decentralized architectures (generally, peer-to-peer or end-to-end) are fairly common, even within such proposals, there is a large distinction between papers as to theoretical implementation of such, and little case study or proof of concept within the field, due to the inherent large scale of such proposals [187
]. Blockchain is often used as a means of proposing trust-based systems for ensuring integrity and non-repudiation [182
]. Proposals have been more uniform among peer-to-peer studies, generally focusing on challenging the status quo by providing decentralized solutions based on improving scalability and privacy [176
]. Most of these proposals have discussed forms of end-to-end encryption in tandem, but there are disagreements stemming from such, for example, how to distribute keys, or how to ensure standardization within a decentralized system across different hardware, manufacturers, and applications [159
Other research has been conducted on scalability, which also intersects with proposals of standardization and security. Solutions regarding IPv6 for the further scalability of device connectivity have been proposed [194] but have yet to manifest as proof of concept with tangible results outside of theory. The scalability of the Internet of Things has remained an open topic, since, while it relies on standardization, it is also immediately striking as relevant technology is rolled out to consumer and industrial causes [187