1. Introduction
IoT has been thriving as another global innovation in the last few years. It is expected that the world’s fortunes will be changed by implementing IoT in various systems over the coming years. IoT will likely revolutionize the way we live today. The Internet of Things foundation was established to improve communication and data exchange between humans and devices for massive data transfer [
1]. IoT’s motivation involves the association of registering gadgets, mechanical and computerized objects, humans, and machines through applications utilizing the web interface and portable applications. The IoT climate can move information through an organization without expecting human-to-human or human-to-computer correspondence [
2].
IoT is becoming a significant necessity for many industrial and communication technology applications. There has been an enormous increase in IoT implementation as it has been considered to have the massive number of 50 billion devices connected to the Internet by 2020 [
3]. Furthermore, IoT applications designed to assist the disabled or elderly provide ease and mobility at varying degrees of unconventionality for a reasonable price [
4]. In addition, IoT adds to numerous fields, for example, agribusiness, climate, clinical areas, the educational sector, transportation, and finance. These innovations and upgrades improve our everyday lives [
5].
Figure 1 shows the graph depicting the number of IoT devices in billions globally from 2018 to 2030 [
6].
Numerous organizations and scientific research associations are working on various aspects of the IoT. They have presented a functional outline for the IoT’s impacts on the economy and the vast majority of other existing fields over the next 10 years. Cisco is the primary organization that delivers numerous IoT undertakings, which included 24 billion smart objects by 2019. It is also expected that the Huawei company will introduce 100 billion IoT associations by 2025 [
7,
8,
9]. Every second in the world, 127 devices are linked to the Internet. By 2020, out of all electronic device use, 63% will be using IoT technology. Of all the massive, smart city commercial projects, 23% consist of IoT implementation, while by the end of 2020, 40% of all healthcare organizations were embedding IoT [
10].
Figure 2 depicts an analysis of the worldwide expenditure in billions of dollars on IoT from 2018 to 2023, which shows the cost of IoT is increasing day by day as enhancement in technology (such as automated machine systems, devices, etc.,) increases. In 2018 the expenditure was 616 billion USD, after that it increased slightly in 2019 and there was a significant change predicted for 2022–2023 [
11].
Via controllers and cloud management, autonomy can be generated for the self-sufficiency and decision-making of nodes [
12]. There is always a wide open door for intruders or hackers to utilize IoT devices for their potential benefit via various attacks, such as Denial-of-Service (DoS) attacks, phishing emails, and other unsafe worms or Trojans [
13]. The IoT layers present multiple risks such as sniffing, spoofing, eavesdropping, and intrusion. IoT utilizes hubs, sensors, and intelligent recognition gadgets to gather information. Because of the nonappearance of verification administration, unapproved access can change data integrity or even erase the stored data [
14,
15].
IoT systems can work under various conditions and, in most cases, have little computing capacity. Therefore, specific IoT devices can connect to many hubs, raising significant security concerns. As a result, security issues have proven to be more challenging to solve, as it is difficult to establish a nonexclusive security architecture or model [
16]. The Internet has undergone remarkable changes that offer both extraordinary opportunities and significant difficulties for users; troubles emerge from unauthorized users utilizing cyberspace and exploiting its numerous weaknesses. Various cyber insights are required for the Internet to assess risks and overcome challenges [
17].
The increasing proliferation of WSN devices in an actuating–communicating network has spawned the Internet of Things (IoT), in which data is seamlessly shared across platforms by fusing sensors and actuators with our surroundings. Medical and environmental monitoring can be automated using these low-cost WSN devices. RPL improves the utilization of these sensors in real-world applications by assessing their performance. Low-Power and Lossy Networks (LLNs) are mainly restricted nodes with limited processing power and fluctuating energy. Most traffic patterns are multipoint-to-point or multipoint-to-multipoint rather than point-to-point. As a result, data rates are often reduced, resulting in instability [
18]. Contiki is an operating system that allows RPL and lossless monitoring of Internet of Things devices. Topological node assignment is based on multi-hop transmissions and has been employed in environmental monitoring, health care, and other smart systems [
19]. Routing is a popular topic in the IoT community because of the limitations imposed by these devices. In many IoT networks, the Internet Engineering Task Force’s (IETF) routing protocol for low power and lossy networks (LPN) has become the norm since it was intended to effectively utilize the finite resources of IoT devices while delivering effective routing services. RPL’s architecture included many but optional security methods for ensuring reliable routing. Research on the security elements of RPL’s routing protocol, such as routing assaults, novel mitigation mechanisms and intrusion detection systems (IDSs), and goal functions with an eye on security, has exploded since the protocol’s 2012 standardization (OFs). The impacts of RPL’s security features against routing assaults have not yet been studied, which is strange. RPL’s security features have not been implemented in any of the existing IoT operating systems (OSs), such as Contiki OS and TinyOS.
RPL security features have been partially implemented in Contiki OS, with the addition of a preloaded secure mode (PSM) and an optional replay protection system. Using this approach, we were able to provide the groundwork for this paper. We summarize our contributions as follows.
We confirmed that, except for the wormhole, RPL in the preinstalled secure mode (PSM) could prevent external adversaries from entering the IoT network for the examined attacks (WH). Additionally, we demonstrated that the optional replay protection offers superior protection against the neighbor attack (NA). However, it needs more optimization to minimize its impact on energy usage. We observed and assessed the effect of the examined assaults on the routing topology and offered two simple strategies for mitigating the consequences of the investigated attacks without using external security measures, such as intrusion detection systems or other security mechanisms. Another performance comparison of the suggested methodologies’ implementation was undertaken. The findings indicated that RPL performed better in terms of end-to-end (E2E) latency and packet delivery rate (PDR) when subjected to Selective-Forward (SF) and Black-hole assaults.
This paper explored the numerous security challenges in wireless sensor networks (WSNs) and the IoT. The function of the IoT in Industry 4.0 demonstrates how various automated systems can be used to optimize processes. Similarly, the IoT-LPN protocols are examined in this paper, which describes each protocol’s strengths and weaknesses. This paper also discusses security objectives (availability, confidentiality, privacy, and so on), threats, and WSN and IoT-LPN problems. These attacks are further categorized into physical layer-based, network layer-based, software-based, and data-based attacks. In addition, the security processes associated with Industry 4.0 are addressed. The suggested research performed a comparative analysis with current work based on various criteria, indicating that the proposed work covers several factors, whereas existing work discusses fewer. Based on the preceding explanation, the proposed work focuses on four questions and targets them as follows:
- Q1.
What are the applications utilized in IoT-LPN?
- Q2.
What are the existing protocols in IoT-LPN and their strengths and limitations?
- Q3.
What are the security objectives of WSN-IoT?
- Q4.
What are the security issues and challenges in WSN-IoT?
Figure 3 depicts the research collection mechanism, including identifying the data, title screening, exclusion criteria, and finally, the included papers.
The rest of the paper can be described as follows.
Section 2 briefly discusses IoT in Industry 4.0. Similarly,
Section 3 is related to IoT-LPN architecture and its applications.
Section 4 is about security issues and challenges in WSN-IoT.
Section 5 covers the categories of network attacks in WSN-IoT layers.
Section 6 is related to the WSN-IoT security mechanism in Industry 4.0. Subsequently, the existing literature is discussed in
Section 7. Similarly, a comparative analysis of the proposed work with the current work is discussed in
Section 8, and finally, the conclusion and findings are described in
Section 9.
2. IoT in Industry 4.0
A company should adapt its manufacturing and logistics processes to follow emerging technology in this modern era. Profitability and cost-effectiveness have increased as business has expanded. Customer-centric development methods should be included, and internal business agility should be prioritized. Similarly, the transformation of all social and business structures around digital communication can be described as “digitalization.” Digital innovations are incorporated into corporate activity by digitalizing all conceivable operations [
20]. However, IoT provides the opportunity to view data from anywhere and share data between computers, devices, and nodes. Manufacturing processes are interconnected and there are real-time flows between all aspects of the supply chain [
21]. The IIoT is a particular IoT field that emphasizes its implementations and uses for new industries and intellectual development. It is a dynamic structure with a wide range of processes. Besides, it is a central feature of the manufacturing sphere and is closely tied to the fourth industrial revolution (IR 4.0) [
22]. It combines several cutting-edge critical technologies to produce a system that outperforms the sum of its parts. This one-of-a-kind domain stands out for its many innovative applications and services and its myriad integrated appliances and modern manufacturing operations [
23]. Through the use of core technologies such as Cyber-Physical Systems (CPSs); IoT; autonomous, scalable, cooperative robotics; the Internet of Services (IoS); simulations that exploit real-time data to create a computer model that reflects the actual world; big data analytics; and enhanced re-assembly, IR 4.0 aims to improve and update existing production plants, maintenance and management processes, and technology to an intellectual level [
24]. The term “responsibility” refers to determining whether a person is responsible for their actions. A top-down and bottom-up system would create an integrated network that helps an automated supply chain build skills, functions, divisions, and companies. The presentation, analysis, and interpretation of data from various sources, including industrial processes, warehouses, and corporate consumer information systems, has become the norm in IR 4.0 to aid real-time decision-making. Networking technology, smartphones, sensors, applications, middleware, and storage devices are all included.
Simply put, Industry 4.0 alters both living and working practices. However, a new era in human history becomes possible through technological developments comparable to the first, second, and third industrial revolutions. They provide more automation and act as a bridge between the physical and digital worlds by using a cyber-physical system (CPS), which is a fundamental component of the smart factory as envisioned by Industry 4.0. CPS is a manufacturing system that uses sensors and software throughout the manufacturing process. Sensors collect and preserve data, which is subsequently analyzed by a computer to make various decisions. These decisions immediately impact the physical system via actuators and human-machine interfaces.
Furthermore, CPS enhances automated machines with the help of industrial IoT. CPS also collects and distributes data from and about the plant’s assets and locations. Therefore, various approaches (cloud computing, AI, and machine learning) have been utilized to analyze this data and make decisions that improve system optimization. CPS and IoT work in tandem to develop smart factories. These competitive factories have decreased downtime, increased efficiency, produced better products, and increased output [
21]. A modified version of AntHocNet offers a unique routing mechanism for FANET. Compared to other traditional optimal path selection strategies, ant colony optimization, or metaheuristics in general, it has proven more reliable and effective. This study’s energy stabilizing parameter enhances network performance overall and energy efficiency. According to the simulation findings, the suggested protocol outperforms generic Ant Colony Optimization (ACO) and other established routing protocols used in FANET [
25].
3. IoT-LPN Architecture and Its Applications
The Internet of Things employs low-power and lossy networks, known as Low-Power and Lossy Networks (LLN), which may impose limits on infrastructure integration. It enables devices to interact with embedded devices, such as sensors, and can connect many nodes. The traffic variety of LLN systems is also defined; they use point-to-point, point-to-multipoint, and multipoint-to-multipoint architectures. Because of the intricacy of such a network, it is critical to have a routing protocol that serves the purpose. This has been one of the researchers’ primary problems. So, to achieve this goal, the IETF ROLL working group developed RPL, a protocol for LLNs. This protocol is built on a collection-based network in which nodes gather information at regular intervals and transfer it to the collection point. The entire communication architecture is built on low-power wide area networks (LPWA) using unlicensed spectrum (Sigfox, LoRa) and other LPWA technologies proposed by the 3rd Generation Partnership Project (3GPP) that works within a licensed frequency range (NB-IoT, LTE-M). At the same time, the unlicensed spectrum origins made it more challenging to meet the integration goal and increased the possibility of interference and congestion. A licensed frequency range reduces external interference and improves dependability, signal-to-interference-plus-noise ratio (SINR), and security. Similarly, getting a license for these bands comes with a high upfront cost and a regular renewal price. The rise in cost will inevitably be passed on to subscribers, raising capital expenditures for deployment and ongoing operational expenses.
Software-defined networking (SDN) architectural technology increases network performance and monitoring [
26,
27]. However, the network system is divided into device management, the Internet of Everything (IoE) gateway, and intelligent LPWA with the help of AI and deep learning. IoE services provide cellular communication in the licensed and unlicensed spectrum. Similarly, AI is responsible for smart wireless communication technology using smart applications and IoE services. Some typical IoT applications developed with the help of LPWA are the smart city, track and trace, and smart building applications.
5. IoT-LPN Research Challenges
So, here’s a quick rundown of the IoT-LLN challenges. We have seen that the entire communication strategy is based on LPWANs in an IoT-LLN. For LPWANs, scalability is a big challenge in the dense network [
41]. It enables several devices to connect to each base station and deploy more stations across the network. Resultantly, structural scalability was already insufficient to meet LPWANs’ use cases, so it required more devices to meet the requirements.
Similarly, most LPWANs are confined to star topologies. In contrast, cellular-based networks (EC-GSM-IoT, NB-IoT, LTE Cat. M1, 5G) depend on wired infrastructure to integrate networks and cover wider regions. So, the improper infrastructure hampers applications such as the agriculture IoT [
42]. The scalability of short-range and cellular wireless networks is the subject of current research. Offloading (from the licensed to the unlicensed spectrum), common in cellular-based technologies, is impractical for LPWANs operating in the unlicensed spectrum. To overcome the scalability issues, there is a need to approach some other strategies, such as adaptive data rate MAC protocols, the adaptation of spectrum-efficient modulation techniques, and LPWAN channel diversity exploration. Another significant issue is the collection of LPWAN-relevant data regarding methodologies and performances. Because the data of popular LPWANs (LoRaWAN, SigFox, and NB-IoT) is easily accessible, gathering the data for others is complicated due to fewer references. Nowadays, LPWANs are widespread and there is more demand among users to develop new applications because of the discovery of new methods applicable to their personal lives and business operations.
It is understood that security and privacy are the primary concerns in all fields. However, there has been little emphasis on LPWAN’s security in general. Unauthorized access can easily breach the security of a smart home controller. Using unauthorized access, attackers can steal information and completely control home appliances, causing inconvenience to their users.
Similarly, unauthorized access to smart cities, agriculture, and inter-vehicle communication can cause death and environmental harm. So there is a need for adequate security to authenticate the user or owner efficiently; otherwise, LPWANs are not viable for commercial purposes [
43]. Moreover, the essential components of security related to WSN-IoT are discussed in
Section 4. These components are considered necessary before implementing any WSN-IoT application; otherwise, it will be vulnerable.
6. Security Objectives of WSN-IOT
WSN-IoT’s security requirements are the essential characteristics necessary to be implemented to fulfill network security requirements. It consists of various preventive measures for the smooth functioning of the IoT framework [
4,
44,
45,
46,
47,
48,
49].
6.1. Availability
The nature of keeping the service accessible to clients is accessibility. The goal of accessibility is to provide clients with the ability to obtain services at any time and from any location. It is critical to keep assets regularly available to clients and the organization. Consequently, all clients must be confirmed to combat assaults and risks to the organization. Accessibility may help to avoid blockage circumstances such as framework conflicts and organizational blockages that disrupt the information flow.
6.2. Accountability
Accountability is one of the WSN-IoT framework’s basic properties, but it cannot preempt network attack risks and WSN-IoT vulnerabilities. However, rationing and supporting other security criteria such as data integrity and privacy are imperative. They are utilized to follow any node (device) that sends and receives information to notice and distinguish any obscure activities by providing guidelines for the device, clients, and their actions.
6.3. Confidentiality and Privacy
Confidentiality is otherwise known as privacy To fulfill the security requirements, it is implemented to prevent unauthorized clients from obtaining information. Confidentiality gives recognizable proof of verification and authorization for any sensitive item in the IoT network. Numerous security modules ensure the security of information. Maintaining data secrecy is a critical security requirement as it is vital to keep the framework intruder-proof. Privacy guarantees authorized users’ private data and preempts intruders from accessing network services or stealing any data. Privacy has to be implemented at many levels. Privacy for devices is necessary to maintain physical and data confidentiality, as a network can be exposed to data intrusion. Privacy during data transmission within IoT devices preserves sensitive information. Privacy is crucial during the processing and storing of data, as it is most vulnerable at this point. Privacy of location is intended to prevent the disclosure of the geographical position of IoT devices from intruders.
6.4. Auditing
Auditing is essential; without it, the framework’s criteria for meeting security requirements will not be accomplished. It is used to recognize the security shortcomings of WSN-IoT. Auditing is entirely related to accountability, yet it depends on assessing the framework and its services. Auditing measures how well the WSN-IoT framework meets its network performance criteria and components.
6.5. Integrity
Integrity is one security idea that empowers legitimate and authorized access to modify data according to requirements under limited conditions. Integrity can forestall inner attacks, the most hazardous issue in the network framework, as all users must be validated and authorized with access rights. Notwithstanding, cybercriminals may change information during network communication. Integrity may preempt outside attacks to get to or alter sensitive information.
6.6. Access Control
Network access control is verified by an authorized network administrator for the smooth management of user access. It gives clients/users explicit roles or verified admittance to utilize network assets to view, alter, or modify data. Access control offers certain rights to legitimate users to perform precise work.
6.7. Authentication and Authorization
Authentication is the user’s verification, the primary security necessity, as it recognizes users as validated clients utilizing security frameworks such as cryptography algorithms. After authentication, authorization plays a role in the approval of authentic users to use network services.
Table 2 shows the security objectives of WSN-IoT.
12. Conclusions and Findings
The WSN-IoT is recognized as a technology that has already had economic consequences and generated the hope that different sectors’ competitive domains will change dramatically. In the manufacturing industry, sensor-equipped machines can collect data from the production system in real-time and use it to store and synchronize real-world data on the cyber side. It is possible to continually develop and synchronize with the natural world by changing data in real-time and contrasting cyberspace with physical space simultaneously. IIoT, which acts as an inevitable IR 4.0 infrastructure, imposes high reliability, low latency, scalability, energy consumption, and security requirements. However, many low-power wireless specifications and infrastructure protocols aim to meet and conform to those criteria. The emphasis is on addressing the current problems and pursuing future exploration avenues to discover potential solutions. In particular, the “smart” side of IR 4.0 is focused on the availability of self-awareness, self-management, and self-healing intelligent networks. That includes technical concerns such as real-time cellular networking, 5G cellular networks, shallow power usage, and industrial cyber-security. The most trending WSN-IoT security mechanism techniques are blockchain, cryptography algorithms, and AI techniques. These can be an excellent solution to this problem and provide accuracy, autonomy, security, and efficient results.
This article aims to provide a detailed overview of WSN-IoT’s characteristics and aspects for low-powered IoT mechanisms; the paper throws light on the research gaps, including WSN-IoT issues and challenges. According to our findings, researchers have proposed WSN-IoT security mechanisms. However, the significant limitations are that these solutions are still under study and in progress. As previously stated, most of the work conducted so far is in its early stages, is only for research or academic purposes, and does not involve working in real-time scenarios. Considerable research has been for educational purposes and lacks proper deployment on a large scale and testing in the natural environment. Furthermore, frameworks’ functional and large-scale deployment are significant limitations in the context of current research and contributions.