IoT–Cloud Integration Security: A Survey of Challenges, Solutions, and Directions
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
This paper surveys security challenges in IoT and cloud integration, covering key risks, existing mitigation strategies, and research gaps. The discussion of threats such as data breaches, insecure APIs, and insider threats is interesting. However, the paper has several weaknesses that must be addressed before publication.
1) The paper highlights AI as a promising tool for intrusion detection and anomaly detection, but it lacks a detailed technical evaluation of its limitations. There should be a discussion on adversarial AI attacks, where attackers manipulate AI models to evade detection, and strategies like adversarial training or explainable AI should be explored as potential countermeasures.
2) The paper does not mention replay attacks, which are a significant threat in IoT systems, where attackers can capture and resend authentication data to gain unauthorized access. Given the paper’s focus on security challenges, it should discuss how replay attacks affect IoT-cloud communication and explore mitigation techniques such as nonce-based authentication and timestamp validation. For this point, please refer to https://ieeexplore.ieee.org/abstract/document/10494466
3) While the paper discusses encryption, it does not fully consider the computational limitations of IoT devices. Many IoT nodes have low processing power and battery constraints, making standard encryption methods like AES computationally expensive. The authors should include a review of lightweight cryptographic solutions such as Elliptic Curve Cryptography (ECC) or lightweight block ciphers like PRESENT and SIMON.
4) APIs are a critical attack vector in IoT-cloud integration, but the paper does not sufficiently discuss API security best practices. The authors should elaborate on secure authentication mechanisms for APIs, including OAuth 2.0, API gateways, and rate limiting to prevent excessive requests that could lead to denial-of-service (DoS) attacks.
5) The paper references several previous surveys but does not provide a comparative analysis of how it improves upon them. A structured comparison table showing key contributions, research gaps, and differentiators would help establish the novelty of this work.
Comments on the Quality of English Language
The English could be improved to more clearly express the research.
Author Response
Please see the attached file which contains the responses.
Author Response File: Author Response.pdf
Reviewer 2 Report
Comments and Suggestions for Authors
Strengths:
- The paper provides a comprehensive overview of the IoT and cloud architectures, the protocols used, and the challenges faced in these architectures.
- The discussion on AI-driven anomaly detection, blockchain-based security frameworks, and lightweight cryptographic solutions is highly relevant to modern cybersecurity concerns.
- The paper also highlights several open research problems.
Weaknesses and suggestions:
- The paper would have benefitted from a case study on this issue, as it would have helped tie all the information provided.
- Although the paper says that part of the focus is on the solutions, there is not much covered in this aspect. Since this area is not new, there are several solutions and methodologies. They only covered about a dozen papers, several of which are from 2012, 2016, 2020 and so on which are dated.
- The paper could benefit from a re-organization. Focusing on identifying the challenges and categorizing them, and similarly, identifying different categories of solutions and providing them would benefit the reader more.
Author Response
Please see the attached file which contains the responses.
Author Response File: Author Response.pdf
Reviewer 3 Report
Comments and Suggestions for Authors
This paper makes a survey on security challenges for IoT and Cloud integration, trying to understand the state of the art and the future directions and connected risks. The paper has serious flaws and needs to be improved:
- In the Introduction Section, the authors should include in the text the description of the following chapters, like: Chapter 2 introduces the background, chapter 3 etc.
- Improve the quality of Figure 3
- I found some mistakes maybe due to copy and paste. For instance, in section 2.2. Network Layer, there are some numbers sparse in the text. It must be fixed.
- In the Chapter 2. Gaps and Weaknesses in IoT Security Solutions the author should mention physical attacks like Side-channel Attacks, Post-Quantum Cryptography (PQC) and the difficulty of applying countermeasures to PQC algorithms against side-channel attacks. One of the main security challenges in IoT is the transition from classical cryptography to PQC, and the application of side-channel countermeasures, since IoT devices are susceptible to physical attacks. I suggest citing some existing papers on secure and hardware implementation of PQC:
https://eprint.iacr.org/2021/1021
https://eprint.iacr.org/2022/527
https://ieeexplore.ieee.org/document/10439161
- The Section 3. Related works should be dedicated to the analysis of the state of the art. I do not see any paper cited in this Section. I suggest doing a real analysis of the state of the art, which is completely missing in this paper. I suggest citing and reviewing some existing papers like:
https://www.mdpi.com/2076-3417/10/12/4102
https://ieeexplore.ieee.org/abstract/document/9594183
https://link.springer.com/chapter/10.1007/978-981-15-6353-9_46
Any papers recommended in the report are for reference only. They are not mandatory. You may cite and reference other papers related to this topic.
Author Response
Please see the attached file which contains the responses.
Author Response File: Author Response.pdf
Round 2
Reviewer 1 Report
Comments and Suggestions for Authors
The authors addressed my comments.
Reviewer 2 Report
Comments and Suggestions for Authors
The authors have clearly addressed all the concerns mentioned in the previous review.
Reviewer 3 Report
Comments and Suggestions for Authors
The paper has been improved.