A Comprehensive and Systematic Survey on the Internet of Things: Security and Privacy Challenges, Security Frameworks, Enabling Technologies, Threats, Vulnerabilities and Countermeasures

: The Internet of Things (IoT) has experienced constant growth in the number of devices deployed and the range of applications in which such devices are used. They vary widely in size, computational power, capacity storage, and energy. The explosive growth and integration of IoT in different domains and areas of our daily lives has created an Internet of Vulnerabilities (IoV). In the rush to build and implement IoT devices, security and privacy have not been adequately addressed. IoT devices, many of which are highly constrained, are vulnerable to cyber attacks, which threaten the security and privacy of users and systems. This survey provides a comprehensive overview of IoT in regard to areas of application, security architecture frameworks, recent security and privacy issues in IoT, as well as a review of recent similar studies on IoT security and privacy. In addition, the paper presents a comprehensive taxonomy of attacks on IoT based on the three-layer architecture model; perception, network, and application layers, as well as a suggestion of the impact of these attacks on CIA objectives in representative devices, are presented. Moreover, the study proposes mitigations and countermeasures, taking a multi-faceted approach rather than a per layer approach. Open research areas are also covered to provide researchers with the most recent research urgent questions in regard to securing IoT ecosystem.


Introduction
The Internet of Things (IoT) encompasses a wide range of application domains, including home, health, manufacturing and supply chain, agriculture, transportation, city and utilities. Physical devices in these domains are increasingly being connected to each other and the Internet [1]. These devices include home IoT devices, such as smart door locks, thermostats and appliances, connected cars, wearables, health-related devices, such glucose monitoring systems and pacemakers, industrial devices, such as manufacturing sensor networks and supply chain radio frequency identification Alam et al. [52], citing Statistic's estimates and predictions, indicate that by 2025, with the current rate of expanding, as shown in Figure 2, IoT connected devices will reach over 75 billion.

Sheer Volume of Devices Lacking Sophistication
In general, IoT devices lack complexity and are designed to be compatible with and adaptable to our everyday Internet devices. With the increasing number of IoT devices, new vulnerabilities will emerge, unforeseen design flaws will surface, resulting in higher chances of system compromise. With this in mind, it is crucial to strike a balance between embracing a technology in a timely manner while without making compromises on the necessary protection of the Privacy, Confidentiality, Integrity and Availability of our networks and our data [47].
According to a recent report by Symantec [53,54], there were a massive number of attacks on IoT devices between 2017 and 2018, and the average number of attacks was around 5200 attacks per month. Figure 3 shows the top source-countries for these attacks on IoT [53]. Comparing this recent report to a previous one also by Symantec [54], IoT devices are still under massive attacks every year, albeit in a different ways and sources. Table 1 shows attacks on different types of IoT devices. Ferrag et al. [55] conducted a comprehensive survey on IoT authentication protocols. They categorized protocols based on the targeted IoT environment. Sfar et al. [56] discussed security challenges in IoT devices and discussed access control, privacy, and identification security aspects. A systemic approach has been followed in which each component was presented, discussed, and highlighted to ensure the security for IoT components.

Privacy Concerns, IoT's
Privacy concerns are the biggest issue for IoT. We cannot talk about IoT without addressing the privacy concerns that come with it. The convenience of new technology and the eagerness to adopt it usually outpace the need to ensure security and privacy. However, in the world of IoT, the privacy issue is too significant to ignore. The benefits of big data can result in the premature adoption of IoT technology before it is fully developed. Data that IoT devices collect is both enormous in magnitude and diverse in nature. There are a lot of fundamental security questions we have to bear in mind, such as how data is collected, processed, transported and stored.
Privacy concerns are raised through all the layers of the IoT architecture. Attempting to minimize these security concerns has led to identifying security concerns depending on the IoT layer they reside in, as shown in Table 2. Luckily, we can use the standard C-I-A triad (Confidentiality, Integrity, and Availability) to structure the way we approach the challenge of providing security [57]: Confidentiality-It ensures that only authorized users can access the data and information reports and only to the extent they need that access.  Integrity-It ensures that data are secured and encrypted and only modified by authorized users during transmission, processing, and storage.
 Availability-Although it is essential to secure the data and information, we have to make sure data is available in a timely manner; otherwise, it may lose its value, e.g., in emergency and medical applications.
As pointed out earlier, IoT devices are susceptible to attacks not only during data collection, exchange, and transmission phases, but also at the design stage. This gives very little confidence and limited assurance about the IoT's confidentiality, integrity, and availability of data. If those issues are not resolved, we will face even more significant security and privacy problems. Fortunately, despite its rapid growth, IoT is still in its infancy. With the right focus and enhanced effort on security at the design and development stage and throughout the product life cycle, IoT will be able reach its full potential and truly be of benefit without compromising anyone's security, especially privacy.

Phases of Data as They Pass Through IoT's Different Layers
The goal of IoT is to collect and process data and information and make meaningful, informative, visually enhanced data presentations for end users (humans, applications, machines, or devices) [58]. Those end users will either consume the information and data or intelligently use that information or data to determine what action to take. Data passing through IoT's layers can be organized into phases, as shown in Table 3 [59,60]: At each phase, we see the transformation of the data and have inherent vulnerabilities that can be exploited by attackers.

IoT Wireless Protocols and Standards
As shown in Table 4, depending on the IoT layer, there are different wireless protocols that can be used in the Application and Message layer, Network and Transport layer, and Datalink layer [61,62]. There are different common types of IoT wireless technology, such as Bluetooth, radio frequency identification (RFID), Wi-Fi, Low-Power Wide Area Networks (LPWANs), Cellular (4G/5G), and Zigbee. Each of these wireless technologies has its strengths and weaknesses in various network criteria; thus, a suitable protocol can be selected based on the specific use of the IoT [63, 64]. Depending on the IoT layer's model, most of the standards and protocols for IoT layers are proposed by the Institute of Electrical and Electronics Engineers (IEEE), International Telecommunication Union (ITU), and Internet Engineering Task Force (IETF) [62]. When it comes to the data link layer, IEEE is mostly used. For example, IEEE 802. 15.4e is the data link standard for several MAC behaviors [65]. For the network, security firmware, and management, IETF new standards are mainly used [66]. ITU-T defined global standard recommendations for IoT and clarified the concept and scope of such standards worldwide [29].

Related Work
Many surveys have focused on IoT security and privacy in the past five years. The authors of [67] selected and surveyed commercially available and frequently used IoT programming frameworks from major cloud providers that supported rapid IoT application development. They compared the approaches taken to security and privacy at the programming level of the frameworks. They found that the frameworks did support security to some degree, but design flaws could cause security issues and the frameworks did not adequately consider the vast number of microcontrollers with minimal hardware security present in the IoT network.
In [68], Machine-to-Machine (M2M) applications are enumerated in major application domains, including Automotive, e-Health, Smart Metering, City Automation and Home Automation. A taxonomy of attacks against M2M is presented, categorized by the target of the attack, whether physical, logical or data. Scalability, heterogeneity, constrained resources, and a variety of end-toend communication protocols are identified as challenges for M2M. The authors note that while most existing solutions addressed authentication and privacy, they did not address confidentiality.
The IoT is represented by three layers, Application, Transportation, and Perception in [7], and for each layer they enumerate the potential attack types. They also review communication protocols, security issues and possible solutions by layer. They find that the Perception layer is the most vulnerable due to the physical availability of these devices that sense and monitor in the IoT environment. The difference between traditional IT security requirements and IoT security requirements is also discussed and the need for a multi-layer and cross-layer approach to security is advocated.
The authors in [69] provide a comprehensive survey of attacks on IoT networks, covering both common and specific types of attacks in IoT applications. They focus on Smart Home, Smart Grid and Vehicular Ad hoc Network (VANET) applications in IoT and the related wireless networking technologies. They provide a taxonomy of attacks between each of these applications and the relevant wireless network, as well as classifying those attacks. They review existing solutions and found no common solution that would apply to all attacks, leading them to recommend more sophisticated schemes, including cryptography specifically adapted to the resource constrained IoT devices.
IoT applications in the domains of Industry, Personal Medical Devices, and Smart Home are discussed in [70], along with general IoT security requirements to protect data privacy and security. They find that most security threats to IoT are related to data leakage and loss of service. They also describe threats to Smart Home and classify different types of attacks by threat level, from low to extremely high, including possible solutions.
IoT in healthcare is the focus of [5] with applications categorized by healthcare setting, including clinical care, remote monitoring, and context awareness. They present the network topology of healthcare IoT networks and describe frameworks for health information service models and Wide Body Area Networks (WBAN) for healthcare applications, noting that there are no well-defined architectures in IoT in healthcare [50]. They identify challenges for healthcare in IoT, including scalability, data privacy and security, and low-powered devices, and enumerate requirements for WBAN in IoT in healthcare [50,51].
Blockchain as a security solution for IoT is discussed in [61]. A taxonomy of security issues by layer is provided. Security issues and potential solutions are categorized by groupings of the layers of the protocol stack, with low level including the Hardware, Physical and Data Link layers, intermediate level including Network and Transport layers, and high level encompassing the Application layer. Blockchain-based solutions are discussed, though they note that blockchain itself is not without vulnerabilities.
The authors of [15] describe a three-layer IoT architecture divided between Perception, Network and Application layers and posits that the security goals of confidentiality, integrity, and availability (CIA-triad) apply to the IoT. They divide security challenges into two categories, technological, which contains challenges such as the heterogeneity of IoT hardware, wireless networking technologies and scalability, and security, which contains the CIA-triad and end-to-end security. Security challenges are discussed by layer and countermeasures, including authentication, trust establishment, federated architecture, and security awareness, are discussed.
An overview of IoT architecture and the interoperability of interconnected networks is provided in [71], as well as an analysis of security issues and mitigation strategies. They believe that the ease in conducting attacks against IoT is a significant threat. They discuss security constraints for hardware, software and networks, and present requirements for information security, access level security, and functional security. A taxonomy of attacks is categorized by device properties, adversary location, access level, attack strategy, and damage level, as well as by host and protocol.
The authors in [72] discuss security goals and requirements for IoT, including data confidentiality, privacy and trust, while also providing a background of threats, attacks and vulnerabilities pertaining to IoT system components. They also provide an analysis of the motivations and capabilities of the intruders who would threaten the IoT. Intruders are classified into three main types, individuals, organized criminal groups, and state intelligence units; the motivation and capabilities of each are discussed.
Classification of the IoT in a corporate environment into four component layers, including connected objects, transportation, storage and data mining, API and GUI, is done in [73], with multiple technologies possible in each layer. A taxonomy of threats and attacks for each of these components is provided. A case study is undertaken to demonstrate the operation of these components in connected thermostat devices, offering threat scenarios and corresponding mitigation measures, showing how an attacker could compromise one layer and use the trust between layers to gain access to additional resources.
A taxonomy and comparison of smart technologies in a host of application domains, Smart Cities, Smart Homes, Smart Grid, Smart Building, Smart Transportation, Smart Health, and Smart Industry, is discussed in [74], along with the objectives and characteristics of each smart technology. The authors believe that the unique capabilities of the IoT and smart technologies bring new opportunities to businesses and consumers. They present case studies from four countries that they believe were successful examples of IoT and smart technology use to improve life, safety, efficiency and environmental monitoring.
An end-to-end view of IoT is taken in [20], where the authors describe three main components, things, cloud, and controllers, where the cloud serves as a middleman for the things and controllers. The authors define ten major functionalities in their end-to-end view, including upgrading, pairing, binding, local and remote authentication and control, relay and big data analytics by cloud, and sensing and notification. They argue that security in IoT needs to be considered across five dimensions, hardware, software, OS/firmware, networking, and data. A detailed analysis of a connected camera system's functionalities and communications between the three main components is made, as well as a discussion of their implementation of remote attacks that successfully gave them control of the camera.
The authors of [75] believe that understanding the difference between traditional IT systems and cyber-physical systems is important to comprehending the security requirements of cyber-physical systems. A proposal of a cyber-physical system model with three parts, (i) physical, for those devices that directly connect with the physical world, (ii) cyber-physical, where connections between the physical and cyber worlds are made, and (iii) cyber, which has no connection to the physical world, is made. They present a comprehensive review of cyber-physical systems, choosing four major applications, Industrial Control Systems (SCADA), Smart Grid, Medical Devices, and Smart Cars, as representative systems for further analysis. A review of general threats applicable to cyber-physical systems in general, as well as threats targeted to each of the four major applications, is made, including the source, target, motivation, attack vector, and possible consequence of each attack. The causes of general and application-specific vulnerabilities, examples of real-life attacks, and controls are also discussed.
A comparison of IoT reference models, the early three-level model, the alternative five-level model, and the CISCO seven-level model is made in [76]. A detailed taxonomy of attacks, security requirements, and countermeasures is made for the Edge-side levels, including Edge Nodes, Communication, and Edge Computing (Fog). The authors believe that the traditional CIA-triad of confidentiality, integrity, and availability is not sufficient to provide full security in IoT and thus consider the expanded IAS-Octave security requirements in their discussion of attacks and countermeasures. They see the enormous growth of insecure IoT devices in the wild and the privacy implications to the vast amount of data present in the IoT environment as major challenges to be addressed.
IoT applications are classified into major application domains and the critical security issues relevant to each domain are discussed in [77]. They divide IoT applications themselves into four main layers, including Application, Middleware, Network, and Sensing. For each of these layers, including the Gateways that connect them, they present the various attacks and security issues to which the layer is susceptible. Because of the heterogeneity of the IoT infrastructure and the high level of connectedness between IoT devices and systems, the authors believe major improvements are needed to make IoT secure and to protect the large amount of private information generated by devices. They categorize existing IoT security solutions into four distinct approaches, blockchain, fog computing, edge computing, and machine learning. For each of these approaches to IoT security, they present the particular security issues that the solution can address, but they also acknowledge that these solutions are not without their own security issues.
A comprehensive look at IoT security is presented in [78]. The services and protocols in the layers of the IoT protocol stack they categorize as Semantics, Application, MAC/Adaptation/Network, and Physical/Perception are enumerated. Threats to IoT in general and at each of the four layers are detailed. A major contribution of this survey is a review of major malware attacks on IoT devices and an analysis of the malware attack methodology, from the preparatory phase, through the infiltration, execution and propagation phases, to finally the hideout and clean-up phase. The authors see current IoT security as inadequate against these malware attacks and so propose guidelines for an IoT security framework that would provide comprehensive security for IoT. Each security measure in the proposed framework is designed to counter a particular threat to IoT.
The authors in [25] propose a taxonomy of vulnerabilities in IoT grouped into nine classes that include weaknesses in the hardware, software, and resources available in the IoT system. They examine the vulnerabilities in the context of layers, security impact, attacks, countermeasures, and situational awareness capabilities. As part of this examination, they consider impact and attacks on the general security principles of confidentiality, integrity and availability. A unique contribution of this survey is an empirical analysis of darknet data passively collected from a/8 network telescope. This data is correlated with third-party information to determine the number of unique devices, manufacturers of the devices, countries of traffic origin, and the business sectors involved.
In [79], the authors approach IoT as a security object to be protected and detail specific IoT properties that are critical to security. They present vulnerabilities according to the particular IoT asset or property being targeted by attackers as well as enumerating IoT device vulnerabilities recorded in the National Institutes of Standards and Technology (NIST) National Vulnerability Database (NVD). Among the components of IoT that they see as security objects to be protected are data, devices, communications, applications and clouds. They propose a combination of hardware and software solutions as well as proper access control, organizational policies and shared threat detection and intelligence for IoT information security.
Viewing the IoT as a collection of features that are representative of IoT devices as opposed to traditional IT devices is the approach taken in [80]. These features include aspects of IoT devices, such as constrained, unattended, mobile, ubiquitous, diversity, myriad, intimacy and interdependence that have impact on security and privacy. These features relate to the vast number of connected devices in a heterogeneous technical and application environment. Threats, challenges and solutions for each feature are described. The authors conclude that vulnerabilities related to the features they call "constrained" and "interdependence" would be exploited by attackers more in the future.
The authors in [81] propose a four-layer reference model, with each layer, Cloud, Network, Edge Computing and Perception, having a set of building blocks. In developing an IoT attack model they take a multi-layer approach, considering the general building block types, including physical objects, protocols, data, and software, as IoT assets. After identifying attack surfaces by building block asset and IoT security requirements, including confidentiality, integrity and availability, as well as the extended IAS-octave, the authors present a taxonomy of attacks, compromised security requirements and countermeasures by each building block asset category.
A different approach to IoT security is taken in [56]. Instead of dividing the IoT into layers by technological function, the authors consider the various actors, relationships and interactions in the IoT. This systemic and cognitive approach is presented as a tetrahedron with four nodes representing the person, the intelligent object or device, the process, and the technical ecosystem. The edges between the nodes reflect the relationships and tensions between them. This theoretical model is further illustrated by a case study in the Smart Manufacturing application domain. The edges that relate to security are presented in more detail, including privacy, trust, identification and access control. The authors believe the increased expectation for objects and networks to be intelligent and act on their own requires IoT security to become more context aware, adaptive and similarly autonomous.
In [2], the authors focus on nine major application domains of IoT, including smart healthcare, grid, home, wearables, transportation, manufacturing, agriculture, supply chain and city. For each of these application domains, they present security requirements, including confidentiality, integrity and availability, as well as the extended IAS-Octave. Additionally, system models, threat models that include the comparative level of threats, and protocols and technologies applicable to each application domain are presented in detail. Solutions to address the limitations of IoT devices, namely their low power and capacity, are discussed, including cryptographic primitives, authentication protocols, hardware, application-specific, and current lightweight solutions.
Finally, most IoT surveys have focused on IoT devices as the target of attacks. The authors of [21] consider the IoT device as the enabling force in an attack on another target that is not necessarily another IoT device. The authors limit their work to verified attacks, whether they occurred in the real world or were produced by researchers. Their model of IoT-enabled attacks includes the adversary, the IoT device, and the actual target, which is typically a critical system. The access, means and motivation of the adversary are examined, as are the vulnerabilities at different IoT system layers and the direct, indirect and non-existent connections between the IoT device and the target system. They propose a risk methodology that assesses threat, vulnerability and impact levels to provide a risk profile for different IoT systems. Attacks in IoT application domains SCADA, Smart Power Grids, Intelligent Transportation Systems, E-Health and Medical Systems, and Smart Home and Automation are analyzed, with the authors finding that the closeness of device and target, exploitation of network and physical communication, and the extension of IoT device functionality played a role in the viability of an attack across all of the aforementioned application domains.

The Need for Security
The explosive growth, proliferation of IoT devices and the integration of IoT into our daily life has created an Internet of Vulnerabilities [82,83]. The convenience and comfort that IoT deliver to us comes with a security and privacy toll. Until recently, IoT devices were not completely secured. Security and privacy are delimiting factors in adopting and deploying IoT devices in many fields, sectors, services and applications such as mission critical applications [11,82].
A report by the TCS Global Trend Study, July 2015. Internet of Things: the complete reimaginative force [84] stated that reliability and security are the two main inhibiting factors for industry to deploy IoT in many fields and sectors to provide services. Traditional security techniques will not function well in the IoT environment due to the complexity, heterogeneity and the scale of IoT-enabled ecosystem [85,86]. This is mainly due to the fact that IoT devices are small in size, have low energy, low battery lifetime, memory size limitations, and low processing power to run complex encryption protocols. Identity allocation, management and the authentication of billions of IoT devices also play a role in this [85,86].
To gain insight into the need for security in IoT, we need to put security and privacy into action through practical IoT applications. In a smart health care environment, heart suffering or diabetics patients via pacemakers or insulin pumps, respectively. Patients can be monitored remotely via telehealth provision for their conditions. These IoT implants provide health monitoring but can be compromised. If these IoT implants were hacked and patients' data were breached, it can put their life at risk. Moreover, if the authenticity of information from these devices cannot be verified, then that is another life-threatening situation [85]. Some of the security and privacy concerns in this context are as follows: (i) Who has access to a patient's information? (ii) Is information communicated over the wireless medium encrypted? (iii) Is the data stored securely? (iv) What personal information about the patient is being collected and more?
In an IoT-enabled smart home, for example, if the heating control system is compromised, the hacker will gain access to the home network and from there to the home security system, which jeopardizes the physical security of the home occupants. Some of the security and privacy concerns that arise from this case are as follows: (i) Who has access to the home security system? (ii) Is the data communicated by different components of the smart home encrypted? (iii) Does the actuator accept data from authenticated sources and more?
In the previous two cases we just touched based on two wide spread practical scenarios that clearly show the need for security in IoT-enabled systems and services. The more IoT-enabled services and applications, the more vulnerabilities are ready to exploit by an adversary.

IoT Security Architectures and Frameworks
Urien proposes a four-quarter security architecture, based on a secure element [87]. It uses an Arduino board as a General Purpose Unit (GPU) to coordinate three subsystems: a WiFi SoC in charge of communication, a secure element (SE) performing TLS protocol operations and defining object identity, and sensors and actuators. The GPU has a limited SRAM size of 8KB, which is the most critical resource. The entire system is controlled using a mobile App. The WiFi unit implements the IEEE 802.11i security protocol and provides a TCP/IP stack with client and server features. The SE has a smartcard form factor, supports Java Virtual Machine (JVM), and runs software written in the Javacard language. The system uses a digital temperature sensor for the sensors and actuators unit.
Liu et al., propose a four-layer security architecture consisting, top-to-bottom, of information application security at the application layer, information processing security at the processing layer, information transmission security at the network layer, and information processing security at the perceptual layer [9].
Protection at the perceptual layer is in the form of physical security of the sensing devices themselves, authentication, and Wireless Sensor Network (WSN) security [49]. Authentication can be done using asymmetric encryption to the ensure security of a node's ID. Some of the attacks on a WSN include fake routing information, selective forwarding and black hole attacks [49]. Mitigating methods include integrated security policies such as encryption algorithms, key distribution strategies, intrusion detection mechanisms, and secure multi-path routing strategies.
At the network layer, issues of longer-distance transmission, such as mobile communication networks and long-distance cable networks, are tackled. Issues to account for include the denial of service attacks, unauthorized access, man-in-the-middle attacks, and virus attacks. The processing layer acting as an interface between the network and the application layers needs to ensure data integrity and confidentiality.
Obaidat et al., propose a six-layer security architecture [11] consisting of top-to-bottom security, application security, cloud security, information transmission security, gateway information security, internal communications security, and end-device security. At the application layer, they identify authentication as the most important, yet often overlooked, mechanism to employ. The cloud layer is to address data protection, privacy policies, and secure connections. The information transmission security layer handles reliable secure communication throughout the system. This includes wired, wireless and mobile networks. The gateway information security layer handles heterogeneity at the network edge using control and protocol security. Internal communications security handles security under the perimeter. Finally, the end-device security layer ensures physical IoT-device security. It is worth mentioning that the architecture is based on an end-to-end security framework.
Sridhar and Smys propose end-to-end security architecture [34]. They address the three domains of the communication in an IoT infrastructure, namely, the sensing device domain, network domain, and cloud domain. Mutual authentication is achieved through an authentication-delegation process. Key management is accomplished using a dedicated Master Key Repository. Communication between nodes and device gateway and between device gateway and cloud service gateway is conducted using symmetric encryption while communication of these gateways with the Master Key Repository is done using asymmetric encryption. The repository generates a key-pair sharing its public key with the gateways via a one-time handshake. Lee et al., proposed a three-factor mutual authentication protocol for multi-gateway IoT environments to solve the existing security weaknesses in two factor authentication protocols [46]. The proposed scheme protects IoT ecosystem against existing threats such as user impersonation attacks, gateway spoofing attacks, and session key disclosure [46]. Due to resource limitations in IoT, a lightweight authentication mechanism is needed. Yu et. al., in [88], proposed a secure and lightweight three-factor authentication scheme for IoT in cloud computing environment to secure IoT devices against attacks that were not previously addressed by previous mechanisms such as session key disclosure, replay attacks and user impersonation. In addition, it provides mutual authentication and anonymity.
Olivier et al., propose an IoT security architecture based on software-defined networking (SDN) [89]. The architecture is meant for securing wired, wireless, ad hoc networks, and object networking (devices such as sensors, tablets, smart phones and the like).
The network is assumed to be heterogeneous with nodes that have more resources being SDNcapable, while others with limited resources are not. Nodes with limited resources are assumed to be in the vicinity of an SDN-capable node. The larger network is referred to as an extended SDN domain that is divided into multiple domains, where a domain represents an enterprise network or a data center. Each domain can have or more controllers for managing the devices within that domain. To allow for scalability, the authors introduce a Border Controller that sits at the edge of each domain. The architecture is not hierarchical, rather control functions are not distributed on multiple controllers, while routing functions and security rules are distributed across edge controllers.
Each SDN domain has its own security policies and management strategy. SDN controllers are responsible for authenticating network devices, and once a device is authenticated, a controller will push the appropriate flow entries to the access switch. As opposed a master/slave model, all border controllers follow equal interaction mode having read/write access to the switch. This means they have to synchronize their operations.
Edge controllers are also responsible for establishing connections and exchanging information with other SDN border controllers. An edge controller exchanges its security rules with controllers of other domains following a concept of a grid of security.
Unlike other SDN-based schemes that assume a single controller and hence a single point of failure in case the controller is attacked, this scheme uses edge controllers working together in a distributed fashion in order to guarantee the independence of each domain in case of failure.
Ling et al. present an end-to-end view of IoT security meant as a guide to design a secure and privacy-preserving IoT system [20,90]. By focusing on standalone IoT systems consisting of three components (thing, controller and cloud) they identify 10 basic IoT functionalities related to security and privacy. These functionalities are listed and described in Table 5.
To secure an IoT system, the authors identify five dimensions: hardware, operating system and firmware, software, networking and data generated and maintained within the system. The 10 functionalities span these five dimensions.
As a case study, the exploiting an IP camera system manufactured by Edimax is presented under this view of IoT security and privacy. They focus on remote attacks when the controller is away from the home network. Using three types of attacks, they are able to remotely control any camera. These attacks are: device scanning attack, brute force attack, and device spoofing attack. Table 5. Identified functionalities and their description.

Functionality Description
Upgrading Updates to IoT-device (thing) firmware

Pairing
The process of connecting a controller, e.g., a mobile app, to the IoT thing.

Binding
Configuring the thing through the controller once pairing is done.

Local Authentication
Takes place when the controller resides on the same local network as the thing. Thing may provide an open port for the controller to connect to. Thing should authenticate user to allow for further actions from user.
Local Control Ability to locally control thing through sending user-commands after authentication.

Remote Authentication
When the controller is away from the home network, it may not be able to connect directly to the thing because the latter is probably behind NAT. In this case, it must use a cloud service to authenticate.
Remote Control Ability to control thing while away from the home network through the cloud.

Relay
Cloud is to relay the authentication and control messages between the thing and controller. Cloud may need to authenticate both thing and controller using its own authentication servers.

Big Data Analytics
The cloud may collect data from the thing, the user, and may also contact other clouds for data on other things.

Sensing and Notification
A thing may report on environment or actions, e.g., room temperatures or number of login attempts.
Through identifying two major challenges in IoT networks, Guo et al., propose a five-layer IoT architecture [10]. The first of these challenges is interoperability due to high degree of disparity between different nodes in terms hardware architecture, embedded operating system, applications and functionalities. The second is management of both devices and resources. An example of the first is the need to update software and settings while an example of the latter is the ability to gather data from myriad devices in a timely manner.
The authors propose centralized management of resources including operating system (OS), applications, and data, while improving scalability using transparent computing (TC). TC refers to the decoupling of the software stack from the underlying hardware and separating computing unit from storage. In this model, OS, applications and data are considered resources that can be centrally managed and scheduled by the server. Prior to such scheduling, an IoT device acts as a lightweight terminal with no OS, yet is capable of executing small segments of code or data as demanded by the server (called block-streaming).
The architecture consists of five layers: the end-user layer, edge network layer, core network layer, service and storage layer, and management layer. The end-user layer is comprised of the IoT devices running a resident software such as MetaOS such that they are capable of booting various operating systems as instructed by the Edge network layer.
The edge network layer is made of devices such as servers. They perform two types of tasks: (a) collecting and processing user data gathered by the end-user layer. Processed data is sent to the service and storage layer through the network layer, (b) providing computing and storage services to IoT devices. The core network layer provides the communication infrastructure and is used for communication between the edge network layer and service and storage layer.
The service and storage layer consists of different types of servers. Data servers for storing data received from the edge network layer and providing such data for analysis. Software servers for storing OS images and applications to make available to IoT and edge devices. Finally, control servers control and manage both data and software servers. The Management layer manages service and storage layer servers, and assigns tasks to the control server, such as adding and updating software.
Liu et al., propose a security framework for IoT based on a future Internet Architecture named MobilityFirst [91]. MobilityFirst addresses, among many others, two major issues with the Internet of today, mobility at scale and security. These are achieved by cleanly separating human-readable names, globally unique identifiers (GUIDs), and network location information. To that end, two services are used, a name certification and resolution service (NCRS) is used to securely bind a human-readable name to a GUID while a global name resolution service (GNRS) is used to securely map a GUID to a network address (NA). By allowing the GUID to be a cryptographically verifiable identifier (e.g., a public key), trustworthiness is improved. Separation of the location information (NA) from the identity (GUID) enables users to request content by name without worrying about the current network address. This results in seamless mobility at scale.
The authors adopt the MobilityFirst architecture in addressing IoT needs in terms of scalability, mobility, content retrieval, inter-operability, and security. While many of these are clearly needed in an IoT setting, mobile IoT may not be. A mobile IoT application scenario is Vehicular Ad hoc Networks (VANETs). Sensors can be installed in moving vehicles to collect data and make it available to relevant applications through the underlying IoT infrastructure.
The authors propose a framework comprised of four components: devices, applications, MobilityFirst network, and IoT middleware as shown in Figure 4. Devices are the things of the IoT network, capable of sensing, actuating and communicating. Applications are used by users to both consume data after being processed and feed back into the system.
The IoT middleware is further divided into three functional layers, Aggregator, Local Service Gateway (LSG), and the IoT server. The aggregator provides sensor abstraction hiding the hardware specifics for the underlying sensors and presenting a unified interface for querying and subscribing to the sensor data. The aggregator passes collected raw data to the LSG layer.
The LSG connects the IoT system to the global Internet. It might process raw data provided by the aggregator for context refining and aggregation purposes. The LSG also publishes the information, along with a data GUID, access control policy, and the storage location information (either human-readable names or NA), to the IoT server. Applications (users) can query the IoT server regarding where to fetch the data from through its edge router. After that, it can fetch the data from either a storage location or directly from the aggregator. In enforcing access control, the IoT server may decide to handle it itself or delegate it to the NCRS/GNRS. Huang et al., propose a security framework for IoT that is meant to strike a balance between security and usability [92]. Three main scenarios were user experience is important are considered: a body-area network, a home network, and a hotel network. Two additional scenarios were also considered: logistics IoT and an office IoT. To better understand user perceptions of the importance of security vs. usability, and how willing users are to trade one for another, a survey is conducted.
User were asked about three aspects of security: authenticity, integrity, and availability.
The survey results show that while different aspects of security matter differently depending on the application, security matters to all users and in all applications. This is particularly the case when it comes to access systems and payment systems.
The proposed framework, named SecIoT, is composed of sensors that communicate to a central node, e.g., a web server, which is connected to the Internet. The central node stores, processes, and delivers data to users. Users can also control objects via this unit. The central unit also provides interoperability when communicating with other IoT networks. An all-IP 5G network is assumed, such that either the gateway or even the IoT nodes are equipped with a 5G SIM card so they are able to communicate.
Two forms of authentication are used: users when connecting to the central node to enquire or control objects, and objects when providing data to the central unit. A single-sign-on mechanism is used to authenticate users, while a Multi-channel security protocol (MCSP) is used for authenticating devices. In MCSP, a no-spoofing and no-blocking (NSB) out-of-band channel is used to communicate security properties (e.g., public key). Examples of NSB channels are emails, SMS messages, phone calls, and even face-to-face conversations. Using a user's mobile phone or email address, it is easy to exchange public keys between the mobile phone and the IoT central service provider using, e.g., public key infrastructure.
The second component of the framework is providing a successful secure channel. This is relatively easy to accomplish once authentication takes place. The public key distributed during authentication can be used to ensure secure communication.
For authorization, role-based access control is proposed. The role is more encompassing than simply a job role. It could include the user's context, e.g., location being in the vicinity or location, access during business hours.
The last component is a risk indicator, which helps users assess their current configurations and choices in terms of security risks. The risk indicator provides information in three elements: asset identification, threat identification, and risk evaluation.
Colombo and Ferrari et al., propose Fine-Grained Access Control (FGAC) to NoSQL databases, which have been gaining popularity in the data storage and analysis layer of IoT platforms [93][94][95][96]. The papers attribute this adoption of NoSQL databases in IoT to several reasons, including performance, scalability, support for handling high volumes of data, and the ease of interaction with external applications.
NoSQL databases support multiple data models, with document-oriented being the most popular. MongoDB, the most popular NoSQL datastore, follows this data model. Using this model, a database is made of collections, each collection has a number of documents within, and each document contain key-value pairs [93,97].
A major shortcoming of NoSQL databases, however, is the poor data protection mechanism they offer; e.g., MongoDB, integrates a role-based access control model operating at collection level only. For handling sensitive IoT data, the database could greatly benefit from the integration of FGAC [95,97].
The authors propose the integration of a purpose-based model operating at document level into MongoDB and even at field level, which supports content-and context-based access control policies similar to those of Oracle VPD (Virtual Private Database). They also extend FGAC to map-reduce systems. An extracted key-value pair is dynamically modified on the basis of the specified FGAC policies, before the mapping phase starts the processing [93,97].
In recent years, fog-based access control has been proposed to move the computational complexity from the core to the edge. To dynamically control context-sensitive access to cloud data resources, a novel approach was proposed in [38], which combines the benefits of fog computing and contextsensitive access control solutions. The new model reduces administrative efforts and processing overheads. For comprehensive look at the context-aware access control schemes for cloud and fog networks as well as open research issues, the reader is encouraged to refer to the study in [39].
Irshad created a review and comparison of IoT security frameworks [98]. To survey the available literature, three search phrases were used: "IoT Security Framework", "IoT Security", and "IoT Information Security Governance" and four security frameworks were identified and compared as a result. The results of comparing these frameworks were presented in a table format and are reproduced as shown in Table 6.  Krishna and Gnanasekaran also compare different IoT security protocols [99]. Protocols are classified based on the layer at which they operate. Nine different schemes are compared, three at the perceptual layer, two at the network layer, and four at the application layer. These are compared in terms of the issues they address, the solution they provide, and their limitations.
Issues addressed include the life style of the elderly, absence of real-time data from nodes, and data integrity at the perceptual layer, security of home devices and device security at the network layer, and e-health information systems and environmental changes at the application layer.

Perception/Physical Layer
The security challenges at this layer rise from the fact that the IoT device is residing in an open unprotected environment. In addition, it is because of the nature of IoT nodes and devices that have limited resources. [12,13,83]. Physical layer challenges include physical damage and tampering with the IoT device [7,13]. Attacks at this layer are centered on the idea of forging information [14]. The following threats/attacks are the most common at the physical layer in IoT devices.
Node capture/tampering/physical damage attack: This could be either by physically tampering with the hardware components of the node or device, or replacing the entire node with a malicious node. The aim of the attacker is to gain access and control the node or IoT device. This could also be by damaging the functionality of the hardware components or compromising the sensitive information in the device, such as keys necessary for communications. Injection, using the device's interface to inject malicious code that spreads to the rest of the network [13,15,[100][101][102][103][104] and physically damaging the IoT node or device to hinder the availability and proper functionality of the system [104]. Since IoT nodes are usually operated outside in an unprotected environment, they are vulnerable to such attacks. The attacker with physical access to the node or device might reprogram it, tamper with the software components, and reconfigure or extract cryptographic information [14,[105][106][107][108]. The extraction of security information: after gaining access to the device driver, an attacker can steal the encryption keys [13,15,76,100,101,[109][110][111].
Physical Attacks/Tampering: against RFID tags: Some of the physical attacks against tags include probe attack, circuitry manipulation, clock glitching and material removal [112]. These attacks enable the attacker to gain access to information from the tag or modifying the tags for forgery [13,76,83,112].
Hardware Trojan: The attacker changes the design of the integrated circuit (IC) before or throughout the production process to add the hardware Trojan. This enables the attacker to gain access to data or the software implemented on the integrated circuit (IC) [76]. The attacker builds a certain trigger mechanism into the circuitry to enable activating this mechanism later on. This type of hardware Trojan attack includes both externally and internally activated Trojans.
Denial of Service (DoS) Attacks: IoT nodes are vulnerable to DoS attacks due to the fact that nodes and devices in IoT system have limited resources, such as power, battery, memory and processing capabilities [7,13]. DoS attacks at the node include, but are not limited to, sleep deprivation, outage attacks and battery draining. Because of the small batteries that IoT nodes have, they are vulnerable to this attack where the attacker depletes the battery to move the node into shutdown state [113][114][115][116]. This has very serious consequences in case of an emergency where the node cannot function and report the emergency. Moreover, keeping the node awake and preventing it from going into sleep mode would cause the DoS attack through sleep deprivation. A node might not function properly due to an outage attack. This could be as a result of code injection, unauthorized access, or the node being defective due to manufacturing error [13,76]. In case of DoS attacks against the RFID tag, the tag reader is not able to read the tag due to jammed radio frequency (RF) channel. This makes the tags unavailable which in turn causes DoS [76,110].
Node Jamming attack: In this attack, the attacker transmits a noise signal over the communication channel to interfere with the IoT radio signal to occupy the transmission media that will cause jamming of the signal. The aim of the attacker is to corrupt the transmitted signal from legitimate nodes by introducing and increasing the number of collisions that will lead to unnecessary retransmissions. This causes power consumption that leads to fast depletion of the resources. Continuously jamming the signal will disable the communications between IoT nodes and devices. This ultimately causes DoS of the IoT node preventing communication to the nodes or the entire system [13,101,102,104,[109][110][111]117,118].
Replication/duplication of a node/device attacks: A malicious node is inserted into the system that appears to be genuine by duplicating the information (i.e., hardware, software and configuration) of a genuine node. This attack uses the duplicated node to redirect traffic, drop packets, or gain access to sensitive information such as the shared encryption keys [13,76,100,101,119,120].
Social Engineering: The aim of the attacker is to have the users of an IoT system perform specific acts by manipulating them to do such acts [104]. The attacker has to interact with the IoT user to get the information of interest or perform a certain action.
Malicious code injection attacks: The attacker infects an IoT node by injecting a malicious code to the node or device which gives the attacker full access or control of the node or the entire IoT system [104]. This attack could drain the network resources which leads to DoS attack in WSN [49]. Moreover, viruses could be injected into nodes [13,100,111,121].
Malicious Node Injection: This is used to carry out MiTM attack by introducing a malicious node between two or more legitimate genuine nodes. The attacker will be able to monitor, modify and eavesdrop on the communications between two IoT devices in the system. This is considered an insider threat since the attacker must physically exist and insert the node into the network [84].
Camouflage/Corrupted/Malicious Node attack: In this attack, a fraudulent node is inserted or attacks a legitimate node to hide at the edge. This node later could be used to perform traffic analysis, send and redirect packets [76,120,122]. By using a corrupted/malicious node, the attacker aim is to gain access to the system [12], which could include getting access to other nodes, the network and its communications [76,100,111,120,122]. This might halt the entire network.
False data injection attacks: The attacker injects information to replace existing true information that is initially collected by the IoT device. This device will then transmit the erroneous information to the intended destination [13].
Replay attacks (or freshness attacks): The goal of the attack is to have a malicious node or device gain the trust of the rest of the IoT nodes or devices. This is accomplished through communicating with the destination node or device using legitimate identification information that has already established communications with the destination node or device [13,15,102].
Cryptanalysis attacks and side-channel attacks: The attacker aim is to get the encryption key. Predicting the encryption key by obtaining the cipher-text or plain text from the communication [110,111]. The effectiveness of the cryptanalysis attack is very low. To maximize the effectiveness of such an attack, a side-channel attack is used. In this attack, some techniques are applied to get the encryption key. One of these techniques is the timing technique, where the attacker analyzes the time it takes to perform the encryption process and from that the attacker can predict the encryption key [13,15,102,103,111]. The way the side-channel attack is launched against RFID tag is that the attacker extracts information by intercepting wireless communications between different parties and processing it. The attacker then looks for patterns to launch its attack [13,110]. In a non-network sidechannel attack, the continuous transmission of the electromagnetic waves delivers private information about the status of the node or the owner of it, even though the node or device is not transmitting information [76,123].
Eavesdropping and interference: The wireless communication channel is very vulnerable to this attack as most IoT nodes and devices communicate wirelessly. The attacker can interfere and eavesdrop on the transmitted information fairly easily over the wireless channel since this is broadcast transmission in nature and for this reason it is challenging to trace [13,102,109,110]. This is considered a passive attack as the attacker does not do anything besides listening. In the case of eavesdropping against RFID tags, the attacker intercepts the communications over the RF channel to sniff messages and perform some traffic analysis to extract some sensitive information [15,76].
RF interference on RFIDs: The attacker sends noise signal to cause interference with the RFID to obstruct it from performing its normal functions [110,111,124]. Once the noise signal interferes with the radio frequency signal, communication between nodes becomes very difficult, which could partially disable the network and ultimately lead to DoS [100,104,110,111].
Sleep deprivation/sleep denial attacks: The battery lifetime of most IoT nodes or devices is very limited. To extend the lifetime of an IoT node or device, they are programmed to go into sleep mode in order to save energy. In this attack, the node is prevented from going into sleep mode so that it drains its resources in the shortest time possible. Due to the fast consumption of its resources, the battery, by keeping the node awake, this will result in a shutdown state of the IoT node or device [13,15,100,104,111,125].
Tag Cloning or spoofing attacks against RFID tags: The attacker copies the target victim's RFID tags information into another RFID tag, which is replicating another genuine tag. This is accomplished by capturing the communications between the RFID tag and its reader or physical tampering [76,104,126,127]. The attacker will copy information from the compromised RFID tag and copy it into another RFID tag as described in Figure 5 below. This information can be the Identifier (ID) or Electronic Product Code (EPC), which is a serial number that is broadcasted and can be read by any within range reader, or key for memory access [127]. The purpose is to mislead the reader, which gives the attacker access to sensitive information by RFID impersonation [76,104,126,127]. According to [16], the reader cannot recognize the difference between a genuine RFID tag and a compromised RFID tag. Tracking attacks against RFID tags: Since these tags are usually unprotected, anyone can read them. This provides the attacker with a wealth of tracking information about objects or individuals. This becomes more dangerous when this tag is tied to sensitive personal information [76,128,129]. Tracking information about individuals could be related to their movement, financial transactions and social communications by fixed readers that reads all passing by RFID tags. This date will then be correlated to come up with a pattern [129]. This is a major concern and threat to people's privacy. In the case of objects, this might cause dangerous and chaotic situations when infrastructure relies on RFIDs that might lead to a Denial of Service (DoS) attack.

Network Layer Attacks
One of the main functions of this layer is to transmit information. The main challenge is to keep the network available and functional. Moreover, the wireless links are susceptible to different security threats [13].
DoS attacks: This attack can drain IoT resources to the point that a device becomes unavailable and cannot provide services [15,16]. This attack can take different forms at different layers of the IoT architecture. At the network layer, it can overwhelm the network by generating an enormous amount of traffic, as shown in Figure 6 below, or attack the IoT network protocols, which leads to the unavailability of an IoT device or system [15,16]. This includes many attacks, such as SYN flood, UDP flood, ping of death, etc. [13,104]. One of the main threats is leaking unencrypted information about the user [16]. Spoofing attacks: The attacker uses spoofing attacks to spread malicious information through the IoT system [104]. IoT spoofing includes IP spoofing [130], where the attacker spoofs an IP address of a genuine node or device in the IoT system to gain access to the system. This allows the attacker to send contaminated data that appears to be from legitimate node or device. In RFID, spoofing is when the attacker uses legitimate spoof RFID tag information and spread data through the system that appears to be from a genuine RFID tag to execute harmful or illegal activity [13,102,103,110,131]. This is achieved by targeting the RFID signal. The attacker then uses this tag information to transmit its own data [132] as if it were the original owner of the spoofed tag id [133], which allows the attacker to gain access to the system [100,104,111].
Selective forwarding: In this attack, the attacker targets a victim by either dropping some or all packets destined to a certain IoT node or delay the forwarding of packets [13,102,109]. This attack can disrupt communications between different parties in the IoT system by causing DoS by selectively forwarding packets [134].
Packet replication attack: The attacker retransmits/replays previously received packets to the entire network or to a cluster of nodes in the IoT system, which will drastically degrade the performance of the system due to the overuse and consumption of resources such as power, memory and bandwidth [76,109]. This is considered as one of three different attacks of injecting fraudulent packets.
Man in the middle attack: This is a real time attack where the attacker places itself between two IoT devices or nodes using a malicious device [16,135]. By being in the middle of communications between two different entities, the attacker gains access to the traffic being communicated between the two victims' devices. This attack infringes the privacy, integrity and confidentiality of information being exchanged between the two victims [13,15,16,102,111,136]. This attack can be launched remotely by employing the communications protocols used in IoT system [71,100,104].
Sinkhole attacks: In this attack, a compromised IoT node or device broadcast false metrics about its capabilities to its neighboring nodes in order to attract these nodes to use it as a forwarding node (next hop) in their routing path [137]. The compromised node or device will attract so much traffic to it, then it drops these packets or inspect it and gain access to sensitive information [13,16,102,104,111,138]. In a Wireless Sensor Network (WSN), all packets generated from WSN nodes are redirected to the same sink point where they are later dropped instead of being forwarded to their destination [139]. This is carried out by the malicious node announcing fake preeminent routes using different metrics, such as having optimal bandwidth, minimum delay, shortest path, etc. [100,109,111].
Routing information attacks: Such attacks targets the routing protocols employed in IoT systems. Routing information is modified to cause routing loops, dropping packets, increase latency [104], forward false information or result in network segmentation [13,102,104,111,140]. Routing protocols at the network layer are vulnerable to impersonation, spoofing, and routing attacks [104,110,141]. The attacker might use this attack to drop, redirect, spoof or send misleading error messages throughout the system. There are many types of routing attacks, such as altering (change the routing information), Wormhole, Sybil attack, Black hole, Gray hole, and Hello flood [134,142,143] all described below. Address Resolution Protocol (ARP), Domain Name System (DNS) poisoning and Internet Control Message Protocol (ICMP) redirect are redirection attacks against the network layer and are carried out to disrupt the communications between two devices in the IoT system [76,100,109,110].
Wormhole attacks: In this attack, two malicious IoT nodes or devices are placed in two far away locations throughout the IoT system with one hop private link in between them which is exclusively used by the attacker. Through the false one hop transmission link (a wormhole tunnel) between the two malicious nodes or devices, many IoT devices will choose the malicious devices or nodes as a next hop in their routing path [13,102,109,144]. In other words, this attack will record messages from one geographic zone and replay it in another geographic zone [144]. Once there is an amount of traffic flowing through the tunnel between the two malicious nodes, the attacker can drop or delay the traffic which can be very critical and have serious consequences in case of critical mission applications. This attack can be carried out by either compromising an IoT device which is known as in-band wormhole or through out-of-band wormhole when high-gain directional antenna is used [144].
Sybil attacks: The attacker compromises an IoT device that can pretend to have many genuine identities in the IoT system and imitate them [16,104,145,146]. Having different identities, the compromised device (Sybil device) sends fabricated information to its neighboring devices. In addition, routes that include the Sybil device as a forwarding node could be deceived that many routes are available when there is only one route available where all traffic transmitted will go. This can lead to different attacks, such as a DoS or jamming attack [13,111]. In a sybil attack, sybil nodes with fraudulent identities are added or used which could outnumber the genuine nodes in the network [76]. An example of this attack would be a voting system where a malicious node claims the identity of many nodes and impersonates them to vote on their behalf [147].
Black hole attack: A malicious node is inserted in the network and advertises wrong routing information to its neighboring nodes that it has the shortest path to the destination [142]. Upon receiving the packets, the malicious node either processes or drops the packets [76,109]. In a gray hole attack, the malicious node drops some selected packets. The attacker captures packets at one site in the network and then tunnels them to a different site [76,142]. In a hello flood attack [76,134,148], the attacker inserts a malicious node with high transmission radius and then uses it to broadcast the hello message to nodes within the transmission range claiming to be their neighbor. This could be used to launch other attacks [76].
RFID unauthorized access: Due to the absence of an RFID tag authentication process (i.e., no standardized secure authentication procedure) and accessibility, these tags are vulnerable to attacks and are easy target to manipulate [100,104,111]. The information contained in the tag can easily be modified, or deleted by the attacker [13,104,149,150].
Sniffing attack: The attacker uses certain tools, applications or devices to capture traffic on the network and perform analysis to carry out an actual attack [16].
Traffic analysis attacks: Due to the wireless medium characteristics in IoT, which mainly relies on RFID technology, the attacker analyzes the traffic using a sniffing tool to get confidential information [15,16,119,151]. This is usually the initial step in launching the actual attack. This type of reconnaissance might include port scanning, vulnerability scanning and network sniffing [100,104,111,152]. In addition, this attack can be used on encrypted traffic. The more of the traffic that is captured and analyzed, the more that can be extracted from the packets captured [16].

Application Layer Attacks
The role of the application layer is to assist in providing on-demand services to the user. The layer also processes data from the network layer. This layer is mainly vulnerable to software attacks (i.e., the exploitation of vulnerabilities in programs or application layer protocols) and lifetime permissions [13,16]. These attacks target accessing sensitive information of IoT users, which leads to violations of data confidentiality and users' privacy.
Phishing attack: The attacker uses infected email or phishing website, as shown in Figure 7 below to get users' private information (i.e., authentication credentials) such as ID and password [16,100,104,111,153]. The attacker gains access to sensitive information such as login credentials once the victim accesses their email account [16]. Malicious virus/worm/trojan horse, spyware: IoT applications suffer from vulnerabilities to malware that can replicate and disseminate on its own which is considered to be one of the most challenging attacks to the IoT system [104]. Once the attacker succeeds in infecting the IoT application, s/he will intrude into the system and gain access to sensitive confidential information [102,111]. In addition, malicious software can infect the system, which could lead to DoS, tampering with or stealing data [100,108,111].
Malicious scripts: These scripts contaminate the application by adding or modifying the software in order to purposely cause harm to the IoT system and its functionality [104]. An attacker achieves his goal when the victim tries to access a service on the internet since IoT applications are all internet based. The attacker can send a malicious script to the user when the latter requests a service from the internet. Executing an ActiveX script by the user might give the attacker an access to the system [100,106,111] Examples of such scripts are Java attack applets and ActiveX scripts. The attacker can access confidential data or cause the system to crash [104].
XMPPilot attack: The attacker uses the command line tool XMPPilot to launch an attack against the XMPP connection established between client and server. The attack prevents the encryption of communications on the client side. This enables the attacker to monitor the communications [118].
Denial of service: Attackers can gain access to the application layer and confidential sensitive information in a database as a result of DoS or DDoS, which will cause service unavailability [7,100,111,120,153].
Software vulnerabilities: Software vulnerabilities are still considered a main threat since software engineers and developers do not consider writing secure code because of an absence of standardization to do so. This enables attackers to launch attacks such as buffer overflows, as explained below, for example, to redirect the execution to malicious code [7,16,100,122].
Code injection: The attacker exploits some vulnerabilities in the programs. The main aim of code injection is to get credentials, expose the confidentiality data, gain access to the system, steal data, or propagate worms to infect other IoT devices in the system. HTML and script injections are the most common types of code injection [7,16,153].
Buffer overflow: The attacker takes advantage of vulnerabilities in the program to carry out the attack as most programs have some security issues related to pre-allocated memory. The attacker writes a piece of code that is larger than the fixed pre-allocated memory size for a certain program. The consequences are modifying other information stored in other memory locations, interruption of program control flow and redirecting the control of the program to run malicious code redirecting the stack pointer. Many mechanisms exist to launch the attack, such as string buffer overflow, heap or stack overflow, and integer overflow [16].
Data aggregation distortion: the attacker modifies the data collected by a node and forwards it to the base station. So, the base station will gather false information about the observed surroundings [100,109].
Sensitive Data Permission/Manipulation: The attack exploits the vulnerabilities in IoT design flaws and, in particular, in the permission model to control applications [16]. The main target of this attack is based on communications between smart devices and smart applications. In this scenario, the smart device sends sensitive data to the application where the latter monitors the smart device [16]. This might have serious consequences on users and violate their privacy.
Clock Skewing: The attacker desynchronizes the IoT devices' clocks by generating bogus timing information. This causes victims' devices to be out of sync with the aggregation nodes [100,109].
Data leakage: An attacker, by exploiting vulnerabilities in the IoT application or service, is able to access sensitive and confidential data [7].
Authentication and Authorization: At the time of writing this paper, there is no standardized authentication mechanism for IoT devices. Therefore, no authentication mechanism exists to fit all kinds of IoT devices requirements [16]. For example, when updating an application, the attacker might use the update to inject a harmful payload to gain access to an IoT device or have control over the IoT device or system [16].

Impact of Attacks on Security Objectives
Attacks may affect the security objectives of Confidentiality, Integrity, and Availability (the CIA triad). The potential impact of the loss of one of these three security objectives is defined in NIST's publication FIPS 199 [24]:


Low: limited effect on operations, assets, or individuals  Moderate (Mod): serious effect on operations, assets, or individuals  High: severe or catastrophic effect on operations, assets or individuals  Not applicable: only applies to Confidentiality The potential impact may vary due to the context in which an attack occurs. In Table 7, we consider the potential impact of select attacks on the CIA triad for user information depending on the general type of device at which the attacks are directed. In one case, the attacks are directed at a smart light bulb, in the other, at a smart health monitor; the difference in applications can make a difference in the severity of the impact [25].

Mitigation and Countermeasures
Mitigation and countermeasures against threats and attacks may be developed for and directed at each layer of the IoT architecture, but they may also be considered more broadly across multiple layers, as summarized in Figure 8, and described in detail below.

Functionality Trade-Offs
Because of the limited resources present on IoT devices, trade-offs must be made between functionality and device capabilities on all respective IoT layers [26][27][28]. In order to best manage these functionality trade-offs while maintaining the greatest level of security, certain architectures can be adapted. This includes the "Event Driven Architecture" (EDA) Model, or alternatively the "Event Driven Adaptive Security Model" (EDAS). Because of the nature of IoT devices, adaptive security models tend to be strongest for creating a functionality trade-off architecture, but also must be balanced with system capabilities [154].

Physical Security
Physical Layer-directed security can primarily be mitigated by the physical security of device design. Individual device components should not be interchangeable, for example [155]. Techniques that provide anonymity, such as the "Zero-Knowledge" technique [156] or "K-anonymity" technique [157], mitigate physical layer security risks by hiding sensitive information such as location and address [26]. Physical security also goes hand-in-hand with chosen protocols; the assessment of device and program needs alongside connection protocols assists in determining functionality and risk trade-offs [158]. For example, RFID is more vulnerable to tracking, while WiFi is more vulnerable to eavesdropping [27]. Physical security can also simultaneously mitigate threats in other layers. The interlocking nature of functional elements in IoT means that a more secure physical environment results in more secure application and processing layers. Some studies have proposed this through SIM-based authentication alongside key agreements, or suggesting a lack of direct device to device communication at all [159]. Some research has indicated that malware can be detected physically as well as in software; this has been considered through "path delay testing", "temperature analysis", and "power based analysis" [158].

Risk Assessment
Dynamic risk assessment techniques provide confidentiality and assist in avoiding security breaches, especially on the physical layer [100]. Risk assessment can also mitigate vulnerability on the application layer alongside preexisting architectures [26,160].

Network Protections
Network protections such as routing security through pathing algorithms and security aware ad-hoc routing (SAR) can prevent attacks from adversaries by adding security measurements to packets [161] and applying confidentiality toward sensor nodes in IoT systems [26,162]. Network security options also exist on the application layer, particularly in protocols used for communication security; this is derivative of the wireless communication used at the top level. For example, protocols with TCP-based transport can use TLS/SSL for security to mitigate eavesdropping or man-in-themiddle attacks, while UDP-based transport systems can use DTLS [27]. Some studies have suggested a methodology of securing networks through non-routable TCP/IP addressing, a stark contrast to the typical network computing done elsewhere. The application of such prevents data traffic from being maliciously intercepted by sniffing or injected into by man-in-the-middle attacks [159]. Further network protections can be achieved through communication protocols which support M2M communication, such as AMQP or MQTT. The protocol used is dependent on the needs of the system; AMQP assures reliability by guaranteeing delivery, while MQTT is best on limited-memory devices that require a "publish-subscribe" architecture for data transfer. Furthermore, it has been proposed that moving from IPv4 to IPv6 for IoT devices can help with improved network security by more specific identification, especially due to the mass deployment of these devices versus non-IoT computational counterparts [30]. Alternatively, it has been proposed to eliminate modern paradigms and opt for a peer-to-peer networking protocol [163].

Key Distribution
As much as encryption and cryptographic techniques are vital for the security of all data transfers, key distribution minimizes cyberattack risks and can function within lightweight frameworks [34]. Key distribution techniques are dependent on the form of cryptography deployed by other aspects of the individual device as well as by the wider IoT ecosystem. These must be paired alongside processing power. Some forms of pre-distributed keys can provide greater security and less processing power, but may result in reverse engineering risks. Certain studies have shown hybrid encryption systems can be paired alongside key distribution systems to mitigate such risks, however [36,164]. Key administration is another element that goes hand-in-hand with key distribution. Key administration must be considered alongside secure routing systems and detection systems trilaterally. Safe key distribution methodologies can minimize protection risks in cryptographic frameworks [40,165]. Key distribution systems should also only be arranged in IoT networks in which pre-authentication make sense; otherwise, key distribution schemes can demand resources from IoT devices without proportionally secure returns [36,166].

Cryptography and Encryption
In order to avoid tampering and ensure the confidentiality, privacy, and integrity of data transactions, data between devices must be encrypted. There is a debate as to whether symmetric or asymmetric encryption is preferred, but generally because of device limitations, algorithms which consume less power are preferred. Algorithms such as RSA have been applied with success in the past, encryption, combined with authentication, can also help prevent illegal access to nodes [29]. Cryptographic hash mechanisms are used to check data integrity for data transmission between nodes and detection of errors on the network layer [31]. Homomorphic encryption is often used within the processing layer as a secure measure of data transmission, but requires high computing power. Encryption, in general, can be applied to overcome various interception or sniffing style of cyberattacks, as well as circumvent otherwise exploitable side-channel attacks [26,167]. Furthermore, encryption can be applied in various forms, and should be designed and allocated according to device resources and functionality. The balance of functionality and processing power in a device should be equivalent to the framework of cryptography used within it, as well as the risk assessment of using said device in its respective setting [36,168]. The use of shared key cryptography for secure communication reduces the overhead for IoT gateways, which compared is important due to lower power consumption capabilities [34]. While symmetric key and/or public key cryptography suites provide better security than alternatives, their high-power consumption is often a challenge. However, lightweight alternative frameworks can provide similar security standards on minimal hardware, on which additional research has been conducted [41,168,169]. Some studies have shown that Hybrid encryption models are the best for securing information robustness and confidentiality in data exchanges at optimal speeds, without having to sacrifice power consumption [8,57]. Service Level Agreements (SLA) can be used to provide data encryption within the processing layer [30]. Since many encryption suites are compromised because of misconfiguration or user error, it is important to deploy accurate user configurations in addition to cryptographic systems for security [28]. Since devices are not heterodox, deployed encryption standards can differ between devices. Devices that communicate with each other should optimally use the same cryptographic suites. Alternatively, a standardized cryptographic method would eliminate many of the risks arising from device heterodoxy [42]. Multi-factor cryptographic schemes are best suited for larger networks with vital security applications, such as in smart cities or healthcare systems [166].

Digital Signatures
Digital signatures, encapsulated often in hybrid encryption technique models, are one specific cryptographic technique used in heterogeneous deployments to prevent cyberattacks and ensure both the integrity and confidentiality of transmitted data. These techniques require lower processing speeds than algorithms such as AES, and also faster processing speeds than RSA [164]. Digital signatures can also be deployed as a measure of warding off "puppet attacks.'' However, certain forms of digital signatures are dependent on the routing protocols used by individual IoT devices [170].

Processing Protocols
Protocols in the processing layer, such as "Fragmentation redundancy" scattering, minimize data theft by splitting and allocating data into fragments between a cloud and a direct transfer between devices [26]. End-to-end data protection frameworks are best suited for transmissions that happen in this layer as well for assuring the security of data during its life cycle between devices. Service Level Agreements can be implemented to ensure protections for sensitive data, and also to reduce DoS attacks [30].

Application Security
Application layer security, through Access Control Lists, can moderate traffic by whitelisting or blacklisting both incoming and outgoing requests [26,36]. Similar to physical layer selections, the assessment of protocols used in the application layer can help to balance risk with functionality. Bluetooth leaves open the risk of "bluejacking", for example, so applications built around Bluetooth should not be created in a way that their functionality lends themselves to this risk outweighing the functionality of the device [27]. Proper access control helps ensure confidentiality, while authentication in the application layer helps ensure integrity. "Service Level Agreement[s] (SLA)" and "Virtual Machine Monitor[s] (VMM)" are processes deployed in the application layer alongside Intrusion Detection Systems in order to achieve availability and protect data during downtime or malicious attacks [30]. Data loss prevention systems can also be implemented within IoT networks in order to prevent data theft [28,36].

Patching
Regular updates to software and firmware on IoT devices can help to mitigate vulnerabilities and lower risks associated with individual devices. However, this is often left to user responsibility, as auto-patching software must be balanced alongside other security measures against available system resources [28,30].

Intrusion and Threat Detection
Intrusion Detection Systems (IDS) secure ecosystems by producing alarms when detecting threats that either are hostile, suspicious, or uncertain within the application layer [26,36,159,171]. The application of intrusion and threat detection can be used to quell vulnerabilities that are not picked up upon by active defensive systems or firewalls; since anomalies are recorded, logs can be traced to malicious or suspicious activities. For this reason, it is important for threat detection systems to transcend all IoT layers; threat detection must include "physical damages, attacks, malicious codes, vulnerabilities, [and] misuses" [172]. Because of the often small storage on IoT devices, best practice is for security warnings from these systems to be forwarded to a secondary source, such as over email, SMS, or logs on a remote cloud [172]. There are two popularly used types of IDS for IoT devices, "Host-based Intrusion Detection Systems (HIDS)" and "Network-based Intrusion Detection Systems (NIDS)". They typically are deployed for securing the network layer, but can also run on the application layer depending on the needs of the device [30]. In a general sense, most well-known forms of network attacks can be prevented by an IDS, which include brute forcing, DDoS attacks, and malware requests [28]. If nuances in security as distinguished by sensors can be detected by threat detection systems, then systems can be stated to be more secure on the physical layer [40]. Due to the sheer diversity of the IoT ecosystem, some studies have recommended the introduction of adaptive intrusion systems to better combat against vulnerabilities arising from a heterogeneous environment. This has been recommended through the notion of using machine learning techniques as opposed to matching threats to database records [36,173].

Antivirus/Firewall
Web application scanners can help identify threats, especially when deployed alongside firewalls for detecting potential attackers. Firewalls, when deployed alongside ACLs, can block unauthorized access and assist in packet filtration on the application layer. Antivirus software can also work on this layer to detect and mitigate known threats, vulnerabilities, and cyberattacks from a database, but must be balanced with computational power for the device they are stored on [26]. Since Antivirus software and firewalls are not universal, they are best paired alongside IDS and/or Honeypot detection software in order to best mitigate attacks [28,30,171].

Blockchain
Some studies have proposed blockchain as a multi-layer solution for securing IoT networks. Blockchain networks can be deployed in either centralized or decentralized models, with their own weaknesses and strengths. The former is better for processing large data transfers from heterogeneous devices, while the latter is better for flexibility and real-time services. Blockchain can help standardized transactions among different forms of devices, as well as increase trust factors between heterodox communications or device functionalities which cross-communicate. Proposed blockchain techniques ensure an increased level of security through global trust and universal identification, standardized and high-level authentication, contextual privacy, and exponential mitigation against high-level attackers without an exponential increase in capabilities, which diminish IoT flexibility [32,33].

Honeypot Detection
Honeypot detection is another form of intrusion and/or threat detection based on system and network architecture. Instead of simply logging vulnerabilities or attacks, honeypot detection helps prevent attacks by the presentation of a separate zone outside of the typical scope of the network, such as in a "DMZ"; in this approach, vulnerabilities can still be detected and logged without putting the rest of the IoT network at larger risk [26,172]. Because honeypot detection systems do not need to be stored within the device itself, but just on the same network, they can act as a tool for measuring the dynamic nature of threats and preventing intrusion without burdening system resources [174].

Standardization
The lack of universal standards for IoT devices has resulted in a largely heterodox field, which has spawned a complexity for developing cross-device security methods. Researchers [43,44] have suggested that the standardization of security protocols would be one form of mitigating risks which spawn from device nuances [36,41]. In lieu of a lack of standardization, some studies have suggested a lack of device to device communication at all to prevent cross-device communication vulnerabilities from arising [159]. Standardization is most important on the network layer rather than the physical layer. Standardized protocols ensure a safe and simplified ecosystem for cross-device communications [30,36]. Just as the standardization of protocols for home and professional computing helped create a more secure world wide web, research has shown that a foundational standardization of protocols helps ensure an "interoperability" of security between IoT devices [40,42,45]. Software-defined networking (SDN) has also been proposed as an alternative to hardware standardization, which ensures a similarly secure return with a greater level of manufacturing and performance flexibility [175].

Traffic Filtering
Filtering traffic signals between IoT devices on the physical layer, even without IDS or threat detection on software-based layers, is one form of securing IoT networks and preventing malicious signals or cross-communications. Depending on the filter, this is also one way of implementing security despite a lack of device standardization [30]. Traffic filtering employed alongside an IDS can result in a significant decrease in malicious attacks, as well as general lessened risks within an IoT ecosystem [28].

End-to-End and Point-to-Point Security
End-to-end security mitigates risks in any wireless communication between devices, regardless of the protocol used; however, different suites must be applied depending on the protocol(s) used within respective layers [34]. Similarly, point-to-point connectivity solutions, which may take the form of IPSec VPNs or MPLS, provide similar security as end-to-end, but with greater power consumption needs [30,159]. It has also been noted that one critical strength of end-to-end security trust models is the circumvention of tertiary vulnerabilities. As cloud-reliant systems are only as secure as the remote systems facilitating processes and security, end-to-end security systems circumvent security risks proposed by such [176]. End-to-end security has also been proposed as a form of maintaining data integrity and privacy within a peer-to-peer networking system, although it is not inherently dependent on that form of networking architecture [163].

Authentication
Secure authentication is important for risk mitigation across all layers. On the physical layer, device authentication and identification must take place before signals are sent or received [35]. Authentication mechanisms prevent illegal access to data on sensor nodes in the network layer. The most common type of attack on this layer are DoS attacks, which authentication can assist in preventing [26]. Furthermore, authentication techniques can be deployed in a variety of ways, depending on the needs of the device and device application(s); these are usually, in best practice, deployed alongside access controls [36]. Various forms of authentication can be done through key exchanges, username/password (login) systems, or unique techniques such as "Identity Authentication and Capability-based Access Control (IACAC)" [37]. Furthermore, Message Authentication Codes used for device authentication can help prevent man-in-the-middle attacks [13]. An issue often pointed to for authentication is the heterodoxy of the IoT ecosystem; while some research has suggested standardization for this, authentication can still be achieved through methods such as cryptography suite-based access control, or a multitude of other formats. However, this heterodoxy means that devices which are not homogeneous and require safeguarded authentication should not be used within the same network [36,41]. Different forms of authentication are implemented at different layers, with respective security nuances based on such. Physical authentication can be achieved versus RFID-based identity authentication, whereas application authentication can be achieved through prior mentioned forms of authentication such as login or key exchanges. In comparison to these forms of authentication, physical authentication can help secure software layers additionally, but software layers cannot secure physical layers bi-directionally [177]. Applying authentication methods into sensor nodes of IoT devices is required in order to prevent malicious attacks; some studies have suggested that this is best achieved through symmetric cryptography suites. Furthermore, authentication should be setup in a distributive form, so users and nodes can only ever be authenticated to aspects that access needs to directly be attained. This can be done, for example, through Attribute-Based Access Control (ABAC); studies such as [30] propose that ABAC is most suitable over other access control methods because it requires minimal resources, is based on attribute instead of user, and uses randomized values per-session [30]. ABAC could potentially be used as a defense against man-in-the-middle, sniffing, replay, and node capture attacks [30]. Devices that connect to cloud servers and "control" devices are most in need of forms of user authentication, as well as input validation [28]. Authentication can also be deployed as a way of circumventing spoofing attacks on geospatial data [178]. Multi-factor authentication can ensure a high layer of security, but at the cost of flexibility of capabilities. In highly sensitive environments however, this trade-off is important to consider [166].
Another promising method for access control, which has been proposed within the sphere of IoT, has been NoSQL authentication. NoSQL provides performance, flexibility, and scalability for handling high data volumes, and has already found a place within the data storage and analysis layer(s) of the Internet of Things [93]. Using NoSQL as a framework for authentication within the Internet of Things is thus intuitive, especially because of the aforementioned need for implementation of access controls. Studies such as [93] have shown that NoSQL datastores can be used to implement access controls. In the past, using NoSQL for this purpose has been subject to criticism, as NoSQL datastores suffer from poor data protection; the aforementioned study [93] proposes a fix to this, and thus a possible springboard for IoT systems, by the integration of "fine-grained access controls" (FGAC). FGAC has previously been used in other systems, such as social networks and service and mobile applications [93]. The usage of FGAC allows for straightforward enforcement mechanisms and policy encoding, which suit the access control needs of IoT devices. [93]

Trust Establishment
Third parties are often introduced for trust establishment techniques, such as third-party-based key exchanges, or certification. In order to do this, devices must be able to access third parties typically, or have these trust stores built into their architecture by default. Trust stores help with safeguarding uniform transactions and preventing untrusted communications and attacks, but, depending on their implementation, must also be balanced with reverse engineering risks, or the need for constant remote authentication [34]. Trust establishment is best used alongside authentication frameworks or mechanisms in order to prevent trust tampering. This goes hand in hand with key distribution; best practices show that unique device IDs and distributive permissions are best practices [13,30].

Active Defense
In contrast to antivirus or firewallesque software, "deep packet inspection" has been proposed as a method of real-time detection of abnormal data or behavior. This type of behavior often indicates malicious activity; this behavior could be contrasted with IDS systems, but done directly as traffic is received or sent, rather than within a separate software process [159]. Active defense can be considered the primary segment of defense architecture and can encapsulate a number of other mechanisms, such as backup, authentication, access control, and encryption; however, this is based on both the needs and capabilities of the device. As active defense cannot inherently prevent all forms of threats, but generally known or up-front ones instead, it is important to be coupled with other mitigation tactics [172]. Active defense techniques are most important for devices with remote connections, such as to cloud servers, and are best deployed alongside antivirus, IDS, and firewalls, as a system administrator would otherwise secure a non-IoT computational network [28].

Location-Based Data Security
GPS spoofing occurs as an attack within the network layer. Techniques such as the "GPS Location Technique" [179] have been used to successfully mitigate location-based system attacks [26]. In order to counter spoofing, techniques that match identity and location to service requests can be deployed [176]. Authentication, as well as geo-spatial validation, can be deployed in order to combat most vital spoofing attacks [178].

Open Research Ideas
Current open areas of research into Internet of Things have primarily been focused on addressing countermeasures for recognized security and usability flaws. More broadly, this has included topics such as security, scalability, and standardization, as described in Figure 9. Research has been focused on areas of improvement surveyed for application in fields such as smart environments (such as cities), and healthcare. As such, there has been an emphasis on the aforementioned importance of universalized security paradigms and standardization of device operations [27,42,180]. This has manifested in studies over proposed architectures and protocols; although there has not been a consensus on this, some proposals have been shown to be more recurrent than others, such as structural decentralization [181] and involvement of blockchain [32,33,163,182].
Architectural Internet of Things research has primarily been divided into two fields from a wider pool of options, three-layer architecture and SoA-based architecture [180]. However, alternate architectural frameworks have been drafted and proposed as a result of distinct perspective issues in individual layers, such as the physical and network layers. These new architectures have largely been driven by a secure desire for standardization, especially within the field of research itself, due to dissonance in research resulting from industry fragmentation [183]. The lack of standardization within the field has created a vacuum for large-scale deployability. Because of the "multidisciplinary" nature of the field, research has demanded a universal, international standardization for Internet of Things protocols and communications [27,184]. Standardization, however, has proved to be a regulatory challenge, because of the mass variation of both consumer and industrial needs within the field internationally, as operations which result from legal and physical challenges, as shown for example by the impact of 5G technology, as well as the recent trend of technology-focused digital legislature, such as the European GDPR [35].
The relationship between the wider Internet and the Internet of Things has remained a tenuous topic for both security and functionality reasons. Open research has been done into the development of Web-based APIs for the purpose of devices securely accessing the web for functional reasons [185] as well as theoretical implementation of TCP as a transport-layer protocol, based on past historical applications of such in the field [186]. While this research exists, there has yet to be a generalized consensus on the usability of such in a wider scope. This, of course, relates back to the issue of lack of standardization, as the development and applicable testing of protocols and other proposals are predicated on their ability to be universally deployed, which is not currently viable without a consensus within the field [30,187].
Similarly, lack of standardization is also an issue that has pervaded studies into security improvements. However, it has not had as critical of an effect, due to many security proposals being intrinsically proposed in a vacuum for mitigating threats within certain architectures, or as a response to certain externalities [187]. Authentication, for example, has remained an open area of research; consensus agrees that authentication must be utilized in any secure Internet of Things architecture, but individual application of such has differed. Some open-ended papers have proposed protocols for key management schemes to strengthen resilience against cyber attacks [45,166,188]. Other research has taken a more generalized approach, surveying threats (which have shown to be more widely agreed upon) and proposing hybrid encryption schemes to protect against both data theft and hijacking [189]. However, besides standardized practices, other challenges are proposed for Internet of Things devices compared to more traditional computing; balancing security alongside energy consumption and available resources, for example, has remained a large problem, due to the complexities of stronger encryption competing with available system resources [158,187,189]. Looking to balance such attributes, studies have shown a sharp contrast in proposed solutions; some have proposed authentication through continuous authorization, or authentication based on direct user interaction [189]. Other studies have taken the route of providing security through cloud, or "fog computing" solutions [183]. Many studies, however, have incorporated security concerns into architectural proposals; this, typically, has intersected with proposals for Blockchain and decentralization [32,33,163,181,182]. Going back to Section 3 and in particular discussing access c, many approaches have been proposed to provide control access The usage of "fog computing" as a proposed solution has spurred a diverse sector of research [190]. The term itself, "fog computing", refers to a computing architecture which extends cloud computing methodology through employing peer entry nodes as middle-men between communicative devices and cloud networks. Some studies focus on more peer-to-peer based implementations, while others treat fog-computing as a layer in otherwise traditional cloudcomputing architectures [190]. "Fog computing" has competed against cloud-computing within IoT spheres by providing similar security benefits but with overcoming many of the challenges cloudcomputing otherwise faces, such as "latency requirements" or "bandwidth" or "resource" "constraints" [190]. Similar to cloud-computing, it allows for external and on-demand access to additional computing resources and virtual infrastructures with remote deployability and management [190]. As this is an open field of research, however, exact implementations of fog computing are not fully agreed upon. Many of the considered benefits have overlapped between studies, but implementations have widely varied. Some studies, for example, believe that Blockchain should be used to foster fog computing paradigms [191], while others believe that fog computing should simply act as a middleware-type framework for otherwise traditional cloud computing methods [192]. The exact architecture is also highly debated between studies [190,192,193]; some focus on optimized architecture for real time performance [190,192], while others are focused more on synchronization between nodes [193]. Others acknowledge the need for both synchronization and real-time efforts, but instead focus on adjacent implementations, such as sensor virtualizations [190].
While both Blockchain and decentralized architectures (generally, peer-to-peer or end-to-end) are fairly common, even within such proposals, there is a large distinction between papers as to theoretical implementation of such, and little case study or proof of concept within the field, due to the inherent large scale of such proposals [187]. Blockchain is often used as a means of proposing trust-based systems for ensuring integrity and non-repudiation [182]. Proposals have been more uniform among peer-to-peer studies, generally focusing on challenging the status quo by providing decentralized solutions based on improving scalability and privacy [176]. Most of these proposals have discussed forms of end-to-end encryption in tandem, but there are disagreements stemming from such, for example, how to distribute keys, or how to ensure standardization within a decentralized system across different hardware, manufacturers, and applications [159,176,180].
Other research has been conducted on scalability, which also intersects with proposals of standardization and security. Solutions regarding IPv6 for the further scalability of device connectivity has been proposed [194] but has yet to manifest as proof of concept with tangible results outside of theory. The scalability of the Internet of Things has remained an open topic, since, while it relies on standardization, it is also immediately striking as relevant technology is rolled out to consumer and industrial causes [187].

Conclusions
IoT is exponentially becoming part of our daily lives to increase efficiency, provide unlimited services, to increase the quality of life, and provide convenience via connecting different technologies, devices, and applications. As the number of IoT devices increases and adopted in different domains and applications, the number of threats and enormous security and privacy risks increase, creating an Internet of Vulnerabilities (IoV).
In this survey paper, we perform an in-depth systematic, comprehensive review and taxonomy of the state of the art and urgent security and privacy concerns that most matter to IoT. First, we present an overview of IoT, its underlying technologies and its limitations, approaches, as well as applications of IoT in different domains. Then, we follow that up with the coverage of previous diverse and significant similar related work that has been done for the past few years and the contribution of each work. Moreover, we explain the need for security in the context of IoT and why it is different from other systems due to its different applications' heterogeneity. In addition, we explore the most recent IoT security frameworks that address security and privacy concerns in IoT and propose a solution to maintain security and give more opportunities for IoT to become an integral part of different domains and fully embraced.
Moreover, the paper investigates attacks, threats and vulnerabilities and provides classification of them based on the severity and impact according to NIST's FIPS 199 definitions on the violation of Confidentiality, Integrity and Availability (CIA), which, to the best of our knowledge, is a unique contribution of this work and the first article to describe attacks, threats and vulnerabilities based on this criterion. Furthermore, we provide a multi-faceted approach to the mitigation of, and countermeasures to, these security concerns.
Finally, we discuss several current research challenges associated with IoT ecosystem that need further research and investigation in order for IoT to be fully adopted from convenience to missioncritical applications