Next Article in Journal
Mapping the Past: Unlocking Historical Explorer Narratives with AI and Geospatial Tools
Next Article in Special Issue
Investigating De-Identification Methodologies in Dutch Medical Texts: A Replication Study of Deduce and Deidentify
Previous Article in Journal
Influence of Environmental Factors on the Accuracy of the Ultrasonic Rangefinder in a Mobile Robotic Technical Vision System
Previous Article in Special Issue
Navigating the CISO’s Mind by Integrating GenAI for Strategic Cyber Resilience
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 14
Issue 7
10.3390/electronics14071394
Review Report
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Review
Peer-Review Record

IoT–Cloud Integration Security: A Survey of Challenges, Solutions, and Directions

Electronics 2025, 14(7), 1394; https://doi.org/10.3390/electronics14071394
by Mohammed Almutairi 1,2,* and Frederick T. Sheldon 1
Reviewer 1: Anonymous
Reviewer 3: Anonymous
Electronics 2025, 14(7), 1394; https://doi.org/10.3390/electronics14071394
Submission received: 16 February 2025 / Revised: 24 March 2025 / Accepted: 27 March 2025 / Published: 30 March 2025
(This article belongs to the Special Issue Digital Security and Privacy Protection: Trends and Applications, 2nd Edition)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

This paper surveys security challenges in IoT and cloud integration, covering key risks, existing mitigation strategies, and research gaps. The discussion of threats such as data breaches, insecure APIs, and insider threats is interesting. However, the paper has several weaknesses that must be addressed before publication.  

1) The paper highlights AI as a promising tool for intrusion detection and anomaly detection, but it lacks a detailed technical evaluation of its limitations. There should be a discussion on adversarial AI attacks, where attackers manipulate AI models to evade detection, and strategies like adversarial training or explainable AI should be explored as potential countermeasures.  

2) The paper does not mention replay attacks, which are a significant threat in IoT systems, where attackers can capture and resend authentication data to gain unauthorized access. Given the paper’s focus on security challenges, it should discuss how replay attacks affect IoT-cloud communication and explore mitigation techniques such as nonce-based authentication and timestamp validation. For this point, please refer to https://ieeexplore.ieee.org/abstract/document/10494466  


3)While the paper discusses encryption, it does not fully consider the computational limitations of IoT devices. Many IoT nodes have low processing power and battery constraints, making standard encryption methods like AES computationally expensive. The authors should include a review of lightweight cryptographic solutions such as Elliptic Curve Cryptography (ECC) or lightweight block ciphers like PRESENT and SIMON.  


4) APIs are a critical attack vector in IoT-cloud integration, but the paper does not sufficiently discuss API security best practices. The authors should elaborate on secure authentication mechanisms for APIs, including OAuth 2.0, API gateways, and rate limiting to prevent excessive requests that could lead to denial-of-service (DoS) attacks . 

5)The paper references several previous surveys but does not provide a comparative analysis of how it improves upon them. A structured comparison table showing key contributions, research gaps, and differentiators would help establish the novelty of this work.

Comments on the Quality of English Language

 The English could be improved to more clearly express the research.

Author Response

Please see the attached file which contains the responses.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

Strengths:

  1. The paper provides a comprehensive overview of the IoT and cloud architectures, the protocols used, and the challenges faced in these architectures.
  2. The discussion on AI-driven anomaly detection, blockchain-based security frameworks, and lightweight cryptographic solutions is highly relevant to modern cybersecurity concerns.
  3. The paper also highlights several open research problems. 

Weaknesses and suggestions:

  1. The paper would have benefitted from a case study on this issue, as it would have helped tie all the information provided.
  2. Although the paper says that part of the focus is on the solutions, there is not much covered in this aspect. Since this area is not new, there are several solutions and methodologies. They only covered about a dozen papers, several of which are from 2012, 2016, 2020 and so on which are dated. 
  3. The paper could benefit from a re-organization. Focusing on identifying the challenges and categorizing them, and similarly, identifying different categories of solutions and providing them would benefit the reader more. 

 

Author Response

Please see the attached file which contains the responses.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

This pape make a survey on security challenges for IoT and Cloud integration, trying to understand the state of the art and the future directions and connected risks. The paper has serious flaws and need to be improved:

 

  • In the Introduction Section, the authors should include in the text the description of the following chapters, like: Chapter 2 introduces the background, chapter 3 etc.
  • Improve the quality of Figure 3
  • I found some mistakes maybe due to copy and paste. For instance, in section 2.2. Network Layer, there are some numbers sparse in the text. It must be fixed.
  • In the Chapter 2. Gaps and Weaknesses in IoT Security Solutions the author should mention physical attacks like Side-channel Attacks, Post-Quantum Cryptography (PQC) and the difficulty to apply countermeasures to PQC algorithms against side-channel attacks. One of the main security challenge in IoT is the transition from classical cryptography to PQC, and the application of side channel countermeasures, since IoT devices are susceptible to physical attacks. I suggest to cite some existing papers on secure and hardware implementation of PQC:

https://eprint.iacr.org/2021/1021

https://eprint.iacr.org/2022/527

https://ieeexplore.ieee.org/document/10439161

  • The Section 3. Related works should be dedicated to the analysis of the state of the art. I do not see any paper cited in this Section. I suggest to do a real analysis of the state of the art, which is completely missing in this paper. I suggest to cite and review some existing papers like:

https://www.mdpi.com/2076-3417/10/12/4102

https://ieeexplore.ieee.org/abstract/document/9594183

https://link.springer.com/chapter/10.1007/978-981-15-6353-9_46


Any papers recommended in the report are for reference only. They are not mandatory. You may cite and reference other papers related to this topic.

Author Response

Please see the attached file which contains the responses.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

The authors addressed my comments.

Reviewer 2 Report

Comments and Suggestions for Authors

The authors have clearly addressed all the concerns mentioned in the previous review.

Reviewer 3 Report

Comments and Suggestions for Authors

the paper has been improved

Back to TopTop