Previous Article in Journal
Characterization of a Bow-Tie Antenna Integrated UTC-Photodiode on Silicon Carbide for Terahertz Wave Generation
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Telecom
Volume 7
Issue 1
10.3390/telecom7010010
telecom-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Trustworthiness in Resource-Constrained IoT: Review and Taxonomy of Privacy-Enhancing Technologies and Anomaly Detection

by
Madalin Neagu
*,
Codruta Maria Serban
,
Anca Hangan
and
Gheorghe Sebestyen
Department of Computer Science, Faculty of Automation and Computer Science, Technical University of Cluj-Napoca, 400027 Cluj-Napoca, Romania
*
Author to whom correspondence should be addressed.
Telecom 2026, 7(1), 10; https://doi.org/10.3390/telecom7010010
Submission received: 25 November 2025 / Revised: 26 December 2025 / Accepted: 6 January 2026 / Published: 16 January 2026
(This article belongs to the Special Issue Advances in Wireless Sensor Networks and Applications)
Browse Figure
Versions Notes

Abstract

Resource-constrained Internet of Things (IoT) devices are increasingly deployed in critical domains but remain vulnerable to stealthy attacks that can bypass conventional defenses. At the same time, privacy constraints limit centralized data collection and processing, complicating anomaly detection. This systematic review surveys methods for privacy-preserving anomaly detection in resource-constrained IoT and introduces a five-dimension taxonomy covering deployment paradigms, resource constraints, real-time requirements, protection techniques, and communication constraints. We review how the literature measures and reports resource and privacy costs and identify three major gaps: (1) a shortage of co-designed detector-plus-privacy solutions tailored to constrained hardware, (2) inconsistent reporting of resource and privacy trade-offs, and (3) limited robustness against adaptive attackers and realistic deployment noise. We conclude with actionable recommendations and a prioritized research roadmap. Furthermore, the multi-dimensional taxonomy we introduce provides a structured framework to guide design choices and systematically improve the comparability, deployability, and overall trustworthiness of anomaly detection systems for constrained IoT.

1. Introduction

The Internet of Things (IoT) has reshaped many industries by enabling ubiquitous connectivity and autonomous data sharing [1,2]. Across domains—from remote health monitoring to automated manufacturing—IoT solutions hold considerable promise for improving operational efficiency and quality of life [3,4,5]. At the same time, this growth creates serious security concerns, especially for the resource-limited devices that underpin most IoT deployments [6,7]. The rapid uptake of IoT has therefore driven research into privacy-preserving methods such as lightweight cryptography, federated learning, and differential privacy [8,9]. Nonetheless, protecting constrained environments remains challenging and requires holistic strategies that balance data confidentiality, user privacy, and robust anomaly detection [10].
IoT trustworthiness refers to the justified confidence in a system’s ability to deliver its intended service while maintaining critical properties throughout its operational lifecycle [11]. This concept comprises several interdependent pillars: security (confidentiality, integrity, and availability), privacy, safety, reliability, and resilience. Frameworks like zero-trust explicitly operationalize these pillars through principles such as least-privilege access, continuous verification, and data confidentiality by design [10]. Confidentiality restricts data access to authorized parties; integrity protects data and systems from unauthorized modification; and availability ensures timely, dependable access to services and information. Authenticity—verifying device identities and data provenance—underpins both integrity and confidentiality. Privacy guarantees that personal and sensitive information is managed according to applicable policies and regulations (e.g., GDPR and CCPA) and fundamentally depends on security controls such as confidentiality. Safety denotes the absence of unacceptable physical-harm risks, which can be undermined by breaches of security (for example, integrity failures). Reliability is the capability to perform required functions under specified conditions and relies on sustained integrity and availability. Resilience denotes the capacity to withstand, adapt to, and recover from disruptions—an advanced expression of reliability and availability, especially under adversarial conditions. These properties appear at device/node, data, and system levels, together forming a comprehensive trust model for IoT environments.
Resource-constrained devices—typically class 0/1 with strict limits on CPU, memory, and energy [12]—are widespread in IoT deployments and introduce distinct security challenges. Their limited resources demand tailored solutions that carefully trade off protection and cost [13], as seen in adaptations of federated learning and cryptographic protocols for heterogeneous IoT networks [9]. Even though edge/fog devices (class 2) provide greater capability, they remain far more constrained than cloud infrastructure and therefore require security mechanisms optimized for limited environments.
This review argues that achieving robust IoT trustworthiness requires combining privacy-enhancing technologies (PETs) with anomaly detection (AD). PETs deliver preventive protection via cryptographic and privacy-preserving controls, while AD supplies reactive, behavior-based monitoring. Together they form complementary defense layers: PETs preserve the integrity and confidentiality of data that AD relies on, and AD can reveal threats that evade cryptographic boundaries. This integrated strategy is recognized as crucial for next-generation secure IoT, aligning with paradigms that fuse federated learning with behavioral analytics [9] and embed zero-trust principles [10]. Consequently, it helps mitigate the enlarged attack surface and the evolving adversary tactics documented in recent IoT threat reports [14,15,16].
Our work advances the field through three key contributions:
  • A novel multi-dimensional taxonomy for IoT anomaly detection (Section 4) addressing deployment paradigms, resource constraints, real-time requirements, protection techniques, and communication constraints.
  • A critical review of hybrid security frameworks integrating lightweight cryptography with distributed intelligence for constrained environments.
  • Actionable mitigation strategies derived from real-world breach analysis, providing practical guidance for industry practitioners.
Our review contributes two practical things. First, we present a clear taxonomy and gap analysis that help guide research into resource-efficient security designs, particularly for hybrid frameworks and modern cryptography. Second, we translate those findings into tangible recommendations for industry practitioners—for example, better edge–AI integration, clearer standards, and mitigation strategies drawn from real breaches to improve resilience against evolving threats. As IoT moves into high-stakes domains like smart energy grids and elderly-care monitoring, this work gives researchers and practitioners scalable, trustworthy approaches they can actually apply.
This review progresses as follows: Section 2 outlines the methodology; Section 3 analyzes IoT security foundations, constraints, and core techniques; Section 4 presents our anomaly detection taxonomy and its application; Section 5 discusses the integrated implications and core tensions; Section 6 identifies future research directions; and Section 7 concludes this study.

2. Methodology

This review adapted the PRISMA 2020 guidelines [17] to ensure methodological transparency and reproducibility. The approach comprised four phases: search strategy, screening and selection, quality assessment, and data synthesis.
Systematic queries were executed across six academic databases (IEEE Xplore, ACM Digital Library, SpringerLink, ScienceDirect, Scopus, and Web of Science) using the following Boolean search string:
(“Internet of Things” OR IoT) AND (“security” OR “privacy”) AND (“anomaly detection” OR “lightweight cryptography”) AND (“resource-constrained devices”)
While the search used “lightweight cryptography” as a key term, subsequent screening actively included studies on broader privacy-enhancing technologies (PETs), such as federated learning and differential privacy. The initial search yielded 2427 records (January 2025).
Studies were filtered using explicit inclusion/exclusion criteria (Table 1), focusing on resource-constrained IoT devices (class 0/1 per [12]) with empirical validation. After removing 292 records failing basic criteria and 1051 duplicates, 1084 studies underwent title/abstract screening. We conducted a full-text review of 571 studies and performed a structured, qualitative appraisal. This appraisal assessed the robustness of empirical studies by considering factors such as experimental validity (including sample size and dataset characteristics), reproducibility of methods, transparency of reported performance metrics, IoT context relevance, and comparative analysis of evaluation practices. Studies that provided sufficient methodological detail and reported results in the context of class 0/1 device constraints were prioritized in our synthesis. Ultimately, 97 studies qualified for synthesis.
The synthesis of findings was necessarily qualitative rather than quantitative. The high heterogeneity across studies—in hardware platforms, evaluation metrics, experimental conditions, and reporting formats—precluded a formal meta-analysis or the application of a unified scoring rubric. Instead, we focused on identifying common themes, design patterns, and research gaps through a structured comparative analysis, which is organized within the framework of our taxonomy (Section 4) and supported by comparative tables presented in later sections, along with the Supplementary Tables S1–S4.
We acknowledge that excluding non-English publications may introduce language bias and affect the review’s comprehensiveness, given IoT’s global research landscape. While we mitigated this by scanning reference lists of key reviews for prominent non-English works, our synthesis primarily reflects the English-language literature. This limitation should be considered when interpreting the findings.
The included studies were systematically classified into three thematic categories aligned with our research objectives: (1) inherent security constraints and real-world breaches; (2) privacy-preserving techniques and lightweight cryptography; and (3) anomaly detection methodologies optimized for constrained environments.

3. IoT Security Foundations: Constraints and Core Techniques

Resource-constrained IoT devices face particular security challenges that originate from fundamental hardware limitations, trust management complexities, and systemic architectural vulnerabilities. This section analyzes these core constraints and their implications for implementing effective security measures in constrained environments, establishing the foundation for understanding why specialized privacy-enhancing and anomaly detection approaches are necessary.

3.1. Security Limitations in Resource-Constrained IoT

3.1.1. Hardware and Computational Constraints

Resource-constrained IoT devices (RFC 7228 classes 0 and 1 [12]) operate under strict CPU, memory, and energy budgets that fundamentally dictate feasible security mechanisms. Typical devices in these classes are built around sub-100 MHz microcontrollers, often with less than 50 KB of RAM and 100 KB of flash storage, and are frequently powered by batteries or energy harvesting. These limitations have direct consequences: (1) computationally intensive cryptographic operations significantly increase latency and energy consumption; (2) scarce memory prevents large buffering or complex stateful protocols; and (3) stringent energy budgets force a trade-off between core functions (e.g., sensing) and security operations (e.g., authentication and secure over-the-air updates). In continuous operation, security mechanisms can consume up to 60% of the total power budget [18], making this trade-off critical.
These constraints impede the use of full protocol stacks and standard security libraries. Consequently, node software is designed for minimal code size and runtime memory at the expense of extensibility and comprehensive security [19]. The resulting processing limitations severely degrade cryptographic implementations. The absence of hardware crypto-accelerators, a common cost-saving measure, forces inefficient software-based execution (e.g., of AES) that drastically reduces system performance and responsiveness [20]. While studies like that of Lachner et al. [21] demonstrate performance variation across hardware, they often overlook energy costs—a critical oversight for IoT. This often forces the adoption of compressed protocol variants or the delegation of complex functions, such as asymmetric cryptography, to nearby gateways or edge proxies [22].
Limited RAM and persistent storage severely restrict cryptographic choices and key management on class 0/1 devices. These devices often cannot store certificate chains, multiple large keys, or the runtime state required by standard TLS/DTLS sessions. As a result, practitioners resort to weaker security parameters, static key provisioning, or very compact cryptographic schemes [23]. These trade-offs raise the risk of key extraction and key reuse attacks and make secure credential lifecycle management more difficult [24].
The cumulative effect of these constraints creates systemic security weaknesses. Forced software implementations and simplified protocols introduce new attack surfaces, and even more capable edge devices require continued optimization. These hardware and computational constraints establish the main challenge that subsequent sections address through specialized privacy-enhancing technologies and optimized anomaly detection approaches.

3.1.2. Trust and Security Management Challenges

The resource-constrained nature of IoT devices makes it hard to build and maintain trust at the device, data, and system levels. Trustworthiness in IoT environments goes beyond conventional security [25] and must account for multiple interdependent properties (see Section 1). In practice, constrained memory, compute, and connectivity force designers to rethink what “trustworthy” means for each layer of the stack.
Implementing trust evaluation models on constrained hardware is challenging. Frameworks such as T-safe [26] illustrate how complex it is to assess trust across different device roles, such as source nodes (sensing data) and relay nodes (forwarding data). However, these models are validated only in MATLAB R2018a or rely on cloud-centric assumptions that do not translate well to distributed edge deployments. This gap between proof-of-concept and field-ready validation limits the models’ practical usefulness [26].
Putting trust mechanisms alongside security protocols exposes further weaknesses. Many current approaches are reactive and fragmented, and suggestions to combine edge computing with AI for trust management frequently lack real-world deployment tests, which hides important scalability and sustainability problems [7]. Without deployment evidence, it is difficult to know whether these integrations will hold up under realistic constraints.
Protocol fragmentation and interoperability issues make trust even harder to achieve. The absence of unified security standards across IoT ecosystems creates trust boundaries that are difficult to bridge, particularly in cross-vendor and cross-domain scenarios [27,28]. This fragmentation is exacerbated by legacy device integration challenges and the proliferation of proprietary protocols that resist standardized trust evaluation.
Data ownership and sharing models add another layer of complexity. Proposed shared-ownership frameworks try to capture dynamic trust relationships [29] but face scalability challenges and inherent trust assumptions that may not hold in practical deployments. The systematic failure to ensure clear data ownership fuels uncontrolled data sharing with third parties, creating cascading trust violations across the IoT ecosystem.
Regulatory fragmentation complicates these technical issues by adding legal and compliance burdens. Conflicting cross-border data flow rules create divergent trust requirements, and many compliance frameworks do not prevent privacy erosion in centralized systems [30]. Effective trust models therefore need to be adaptable to different legal regimes without compromising security or usability.
Taken together, these problems produce a trust management landscape dominated by reactive solutions, unvalidated theoretical frameworks, and scalability paradoxes. Current work too often addresses single trust properties in isolation instead of the holistic, interdependent trustworthiness that constrained IoT ecosystems require. Moving forward will require deployment-validated approaches that balance technical, organizational, and legal realities.

3.1.3. Architectural and Protocol Vulnerabilities

The distributed, heterogeneous structure of IoT ecosystems creates architectural weak points that go beyond any single device’s limitations. Protocol fragmentation and gaps in interoperability become especially harmful when devices are resource-constrained, amplifying systemic security risks.
Protocol security is a major attack surface in many deployments. Wireless Personal Area Network (WPAN) protocols, while tuned for low power, frequently omit full-featured security controls and therefore expose exploitable attack vectors [31]. Inadequate encryption increases the risk of Man-in-the-Middle (MITM) attacks, and simplified authentication mechanisms in constrained protocols facilitate unauthorized access [32,33].
Architectural fragmentation prevents the adoption of unified security standards across IoT. A growing set of proprietary protocols and vendor-specific implementations creates interoperability barriers that compromise standardized security frameworks [27,28]. This fragmentation is particularly problematic in cross-domain scenarios where devices from different manufacturers must exchange trust without a common baseline.
Data-sharing architectures add another layer of risk. When ownership and control are unclear, data routinely flows to vendors and third parties without adequate oversight, producing cascading privacy violations [29,34]. Proposed shared-ownership models try to formalize dynamic trust relationships but still struggle with scalability and fragile trust assumptions that may not hold in practical deployments [29].
Vulnerabilities in communication protocols open many different attack paths. Insecure implementations allow injection attacks that can disable or corrupt core functionality, and ubiquitous connectivity creates endpoints that can be extorted or taken offline [35,36]. Protocol-specific weaknesses in constrained networking standards also enable traffic analysis, replay attacks, and denial of service.
Regulatory and compliance fragmentation amplifies these technical problems. Cross-border data flow regulations create conflicting security requirements, while jurisdictional loopholes are exploited to normalize data exploitation practices [30,37]. Many compliance frameworks focus on enterprise settings and fail to address the special needs of constrained IoT deployments.
Industrial IoT introduces sector-specific architectural challenges. Merging operational technology with information technology surfaces new vulnerabilities, and industry protocols—often legacy or proprietary—frequently lack modern security controls [38]. Compatibility issues between legacy industrial systems and new IoT components further complicate secure integration.
Many proposed multi-layer security frameworks for smart environments remain largely theoretical and untested in constrained, real-world deployments [39,40]. Conceptual, holistic approaches often hit practical limits, computational overhead, interoperability gaps, and scalability problems, when applied across heterogeneous device networks.
These architectural and protocol issues create a security landscape with systemic weaknesses that device-level fixes alone cannot resolve. Addressing this requires integrated solutions that cover protocol design, architecture, and cross-layer defenses, all tailored for resource-limited IoT contexts.
A comprehensive analysis of the key studies examining these hardware, trust management, and architectural challenges is provided in Table 2, which summarizes their contributions and the limitations identified in our review. An extended quantitative analysis of these studies, including performance metrics, energy consumption, and device class specifics, is provided in Supplementary Table S1.

3.2. Lightweight Cryptography and Authentication

Lightweight cryptographic solutions are essential for securing resource-constrained IoT devices while maintaining acceptable performance levels. This section analyzes the trade-offs between leading encryption algorithms and authentication protocols optimized for constrained environments.

3.2.1. Lightweight Encryption Algorithms

The choice of encryption for IoT is a trade-off: stronger cryptography provides security but incurs computational overhead, memory usage, and energy consumption. NIST-standardized ASCON [45] has emerged as a practical favorite for constrained devices because it delivers authenticated encryption with low overhead. ASCON’s Authenticated Encryption with Associated Data (AEAD) capability gives both confidentiality and integrity in one step [46], and benchmark studies report efficient software and hardware performance [47,48]—for example, mean processing times of about 80 ms in CupCarbon-simulated IoT networks while keeping strong security guarantees [48].
Traditional AES remains a robust choice for long-term protection, but it depends on hardware acceleration to be practical on ultra-constrained nodes. Comparative analysis reveals that ASCON often outperforms AES when running purely in software on class 0/1 devices, whereas AES keeps the edge on platforms with dedicated crypto hardware [49]. When AES acceleration is not available, ChaCha20-Poly1305 is an efficient alternative: it offers AEAD functionality with good software performance and moderate-term security properties [50], and some resource-constrained implementations report faster software execution for ChaCha20-Poly1305 than for AES-based modes [51].
Specialized, ultra-lightweight ciphers and hybrid schemes solve specific problems but bring additional trade-offs. Algorithms like SPECK are designed for speed and tiny footprints, yet they may raise concerns about long-term cryptanalytic strength [49]. Hybrid compression-plus-encryption schemes reduce transmission volume but overload the endpoints, which can create system-level bottlenecks [52,53]. For multimedia IoT use-cases, crypto-compression approaches have shown roughly 30% faster processing, but they usually require server-side reconstruction, limiting suitability for fully distributed deployments [52].
For images, researchers have explored specialized ciphers that aim for greater diffusion and confusion than general-purpose algorithms can deliver. Notably, Liao et al.’s 3DSFF [54] combines a 3D hyperchaotic generator, a dynamic S-box, and a Fibonacci Q-matrix and reports near-ideal Shannon entropy and strong resistance to differential attacks. However, this security comes at a cost: encrypting a 512 × 512 frame requires roughly 0.55 s on a modern CPU, making real-time video or very large images impractical; even on a Raspberry Pi 5 (class 2 device [12]) the scheme is still well outside the resource envelope of class 0/1 microcontrollers. In short, high-strength, image-specific encryption occupies a different design space from the lightweight primitives intended for ultra-constrained sensing nodes.
In practice, encryption selection must also align with data sensitivity and protection lifespan. Long-term sensitive data (health records and credentials) justifies the use of ASCON or AES despite higher resource costs. For moderate-term protection, ChaCha20-Poly1305 achieves a good balance. For short-lived, low-sensitivity data, performance-optimized options such as SPECK may be acceptable despite potential security trade-offs.

3.2.2. Resource-Efficient Authentication Protocols

Authentication on resource-constrained IoT devices must minimize computational overhead while still verifying identities reliably. Physically Unclonable Functions (PUFs) are attractive here because they provide hardware-rooted trust without storing long-term keys and they resist some forms of physical tampering [55,56].
PUF-based schemes show clear benefits in low-resource settings. For example, PLAKE [55] uses device-specific PUF responses to authenticate devices without key storage, but it can struggle to scale and often depends on backend servers for large deployments. SRAM-PUFs [56] are lightweight and produce high entropy, yet aging and reliability issues mean they need careful provisioning and error correction. Dual-PUF mutual authentication [57] can increase robustness by combining physical traits, but it may create server bottlenecks and stability problems if devices reset frequently.
Cryptographic authentication protocols offer alternative approaches with different trade-offs. ECC paired with HMAC keeps computation low but still lacks broad real-world testing [58]. Identity-Based Cryptography using ECC removes certificates but reintroduces a centralized Private Key Generator as a single point of failure [59]. More experimental ideas—for example, key-exchange schemes inspired by nature and neural techniques—can be energy-efficient but often suffer from synchronization and heterogeneity issues across diverse devices [60].
Choosing an authentication approach means balancing efficiency, storage, and decentralization. PUFs minimize runtime computation overhead and avoid stored keys, but they tie security to hardware quality and lifecycle reliability. Purely cryptographic methods run in software and are more flexible, yet they usually require more processing and can reintroduce centralized trust or coordination points. Practical deployments often use hybrids or add corrective mechanisms (e.g., error correction for PUFs and lightweight key management) to manage these trade-offs.
A compact comparison of security strength, resource cost, and decentralization for the lightweight encryption and authentication options discussed here is presented in Table 3. A more detailed breakdown of the individual studies and their limitations is provided in Table 4. Supplementary Table S2 offers an extended comparative analysis of these schemes, detailing testbed environments, performance benchmarks, and resource costs for constrained hardware.
The cryptographic landscape for constrained IoT is fundamentally a set of trade-offs: stronger guarantees usually cost CPU cycles, memory usage, and battery life. Lightweight AEAD schemes such as ASCON [45] are a good starting point, and PUF-based authentication [55] can provide hardware-rooted identity verification. That said, a secure, practical deployment depends on matching choices to device class, realistic threat models, and how devices operate in the field (e.g., connectivity patterns, update cadence, and expected lifetime).
Key implementation considerations are as follows:
  • Hardware dependencies significantly affect algorithm throughput and energy use (e.g., AES with hardware accel vs. pure-software ASCON);
  • Distributed key management remains challenging—provisioning, rotation, and revocation must fit constrained lifecycles;
  • Protocol interoperability determines how well a solution scales across vendors and domains;
  • Long-term security requirements (e.g., how long data must remain confidential) should be weighed against immediate resource limits.
Therefore, effective IoT cryptography needs tailored approaches. It requires encryption algorithms and authentication mechanisms chosen for the target hardware, validated on representative devices, and supported by realistic operational practices, like threat modeling, lifecycle plans, and interoperable protocols, so security gains do not collapse under real-world constraints.

3.3. Privacy-Enhancing Technologies for Constrained Environments

Privacy-enhancing technologies (PETs) provide critical protection for sensitive IoT data while addressing the fundamental constraints of resource-constrained devices. These techniques balance privacy preservation with the computational, memory, and energy limitations of class 0/1 IoT devices, enabling secure data processing without compromising device viability.

3.3.1. Federated Learning for Distributed Privacy

Federated learning (FL) lets many IoT devices train a shared model without sending raw data to a central server. Devices keep sensitive records locally and only share model updates, which helps with privacy and reduces bandwidth needs in constrained deployments [9].
Edge-focused implementations show that FL can work even on class 0/1 devices. For instance, PrivStream [68] executes lightweight MLP/RNN models locally and applies differential privacy noise to the model updates, thereby minimizing the attack surface for applications such as healthcare monitoring, albeit with some loss of generality. Likewise, Astillo et al. [69] demonstrate that compressed and quantized CNN/MLP models running on Raspberry Pi nodes can support diabetes management tasks, preserving accuracy while avoiding centralized data aggregation.
At the same time, FL brings practical and security headaches in constrained settings. Frequent model update exchanges can overwhelm low-bandwidth links and drain batteries, so efficient communication protocols, compression, and sparsification are essential. In this context, feature selection can dramatically reduce FL communication overhead. Wang et al. [70] used mutual information to reduce features from 85 to 16, enabling federated DNN training with only a 4.32 MB communication cost versus 3.54 GB for centralized approaches while achieving 99.4% accuracy in simulations—showing how preprocessing optimizations make deep learning feasible in federated IoT settings.
Statistical heterogeneity—clients holding non-independent and identically distributed data—slows convergence and can bias global models, which is why recent work favors personalization layers, meta-learning, and client-aware aggregation strategies to make FL robust in real-world IoT networks [71].
Cross-layer optimization offers one route to lowering the resource burden associated with FL on constrained devices. Hajj et al. [72] combine cluster-based sampling with a federated baseline K-means model, reducing inference latency on an Arduino Nano 33 from 32 ms to 9 ms while retaining a recall of 0.97 for intrusion detection. This result further demonstrates that thoughtful preprocessing can make FL feasible even for class 0 hardware.
In real-world deployments, slow devices, intermittent connectivity, and devices frequently joining or leaving make synchronized model updates difficult. To handle this, FL systems require robust scheduling or must adopt asynchronous or hierarchical designs. Lastly, model update privacy and integrity are open concerns: naive update aggregation can leak private information and is vulnerable to corruption or backdoor attacks, requiring secure aggregation, differential privacy mechanisms, and Byzantine-resilient aggregation to defend against malicious clients [73]. Note that many of these protections increase computation and communication overhead, so their deployment must be budgeted against device constraints [74].
To make FL practical and privacy-preserving for IoT, a co-design approach is essential. This involves tailoring model architectures, compression (e.g., quantization), secure aggregation, and scheduling policies to real-world device profiles. Such integration is the key to managing the inherent computational overhead and overcoming deployment hurdles like synchronization challenges and heterogeneous device capabilities in practical IoT scenarios.

3.3.2. Differential Privacy for Data Protection

Differential privacy (DP) protects individuals by adding carefully calibrated noise to data or computations, making re-identification much harder while still allowing useful analysis [75]. The mathematical guarantee—applied locally on the device or to model updates—fits well with constrained IoT because it can be implemented with modest overhead in some constrained setups when carefully tuned, but overhead depends on privacy parameters, aggregation scheme, and implementation. In short, DP lets devices keep raw data on-device and share only noisy summaries, which preserves aggregate utility while reducing privacy risk [68].
On-device DP work shows that this approach can be both practical and fast. For example, an OCSVM-based method with DP guarantees [76] reported 99.18% detection accuracy while running locally on constrained hardware, and it processed flows about 40× faster than deep learning alternatives in the authors’ tests. These kinds of results make DP attractive for latency-sensitive, privacy-critical use cases (e.g., health monitoring or local anomaly detection), where sending raw data off-device is unacceptable.
That said, DP requires careful tuning to be useful. The noise level—commonly controlled by the epsilon parameter—directly trades privacy for utility. This parameter should be chosen with the application’s sensitivity and the device’s capabilities in mind. In ultra-constrained devices, simplified or hybrid DP variants (e.g., reduced computation, coarser noise injection mechanisms, or occasional offload to gateway nodes) can offer practical protection without the full cost of a complete DP stack.

3.3.3. Edge–Cloud Privacy Frameworks

Hybrid edge–cloud architectures split work between local devices and remote servers: sensitive data stays on the edge while computationally heavy tasks such as model training, complex analytics, or large-scale encryption run in the cloud. This trade-off makes privacy-preserving workflows feasible even for class 0/1 devices by offloading expensive operations while keeping raw data local, which also helps with bandwidth and latency constraints.
Cloud-assisted frameworks show how this can scale in practice. For example, RT-PPS [77] uses multi-authority encryption and separated trust domains to enable secure cross-organizational sharing with low latency. Likewise, MPC-based solutions process encrypted data shares across multiple clouds for tasks such as real-time fall detection [78]; however, their reliance on cloud infrastructure can limit applicability in truly decentralized or intermittently connected deployments.
Beyond cloud-assisted frameworks, lightweight tokenization schemes [79] offer practical on-device privacy for traffic inspection, helping block MITM threats with minimal processing overhead. Similarly, adaptive privacy mechanisms [80] allow devices to dynamically adjust protection levels—such as using stronger encryption for sensitive health data while relaxing it for routine telemetry—based on context and available resources.
Techniques for encrypted processing extend protection to data in use. Encrypted image retrieval systems [81,82] let IoT data from cameras and sensors be analyzed without exposing raw imagery, using methods like locality-sensitive hashing and CNNs on encrypted representations. These approaches reduce surveillance risk and keep computation tractable through careful algorithmic optimization, though they do add complexity and sometimes extra latency that must be accounted for in system design.
In summary, selecting PETs for constrained IoT involves choosing the minimal set of protections that match the operational context. Federated learning preserves raw data on-device but requires communication optimization. Differential privacy provides mathematical guarantees with tunable noise. Edge–cloud hybrids offload intensive tasks while keeping sensitive data local. Complementary lightweight privacy primitives—including tokenization, adaptive mechanisms, and efficient encryption schemes—offer additional, context-aware layers of protection. The viability of these techniques for class 0/1 devices is summarized in Table 5.
PETs for constrained IoT force a simple trade-off: better privacy usually costs CPU, memory, or battery. Federated learning and differential privacy are good fits for many class 0/1 scenarios—FL when you can tolerate periodic model exchanges and DP when noisy summaries are sufficient—while edge–cloud hybrids let tiny devices participate in stronger workflows by offloading the heavy work. Choosing the right mix depends on the device class, how sensitive the data are, and what the application can tolerate in latency and energy use.
Implementation guidelines for constrained environments are as follows:
  • Match model complexity to the device’s capabilities;
  • Set privacy budgets that reflect data sensitivity and real-world risk, not arbitrary defaults;
  • Use hybrid architectures to push intensive tasks to the cloud while keeping raw data and short-lived processing at the edge;
  • Prefer adaptive schemes that raise protection for critical data and relax it for low-value telemetry when resources are tight.
PET research continues to narrow the gap between strong privacy guarantees and tight resource budgets. Current work focuses on communication-efficient FL, lightweight DP variants, and edge-aware encrypted processing so that deployed systems can offer robust privacy without overwhelming constrained hardware. Table 6 summarizes the studies discussed in this section and the specific constraints they identify for class 0/1 devices. For a detailed breakdown of implementation performance, privacy guarantees, and resource metrics across these PET studies, see Supplementary Table S3.

3.4. Real-World Breach Analysis and Mitigations

Real-world IoT security breaches provide critical insights into systemic vulnerabilities and the practical consequences of security failures in constrained environments. Analysis of high-impact cases reveals recurring patterns that highlight the necessity of integrated privacy-enhancing technologies and anomaly detection strategies.

3.4.1. High-Impact Breach Case Studies

Mirai shows how a small flaw becomes a huge problem. By probing devices that still used factory-default credentials, the malware quickly turned large numbers of IP cameras and routers into a botnet used for massive DDoS attacks [85,86]. That the same basic technique keeps resurfacing in later variants underlines how often fundamental authentication gaps go unaddressed [87,88].
The Jeep Cherokee case highlighted risks in connected vehicles. Security researchers were able to reach the infotainment system remotely and from there interfere with steering, braking, and acceleration—a clear demonstration that entertainment and safety functions must be separated and strongly controlled [89]. Later incidents such as the reported Kia web portal vulnerabilities [90] show that these interface problems are still a real threat.
Consumer IoT failures tell a similar story. In the Ring doorbell incident, attackers captured Wi-Fi credentials during a reconfiguration flow that exposed them in plaintext over HTTP, allowing unauthorized access to users’ networks and devices [91]. This failure in basic data protection highlights the consequence of inadequate encryption.
Complex devices multiply the danger. The Akuvox intercom compromise combined multiple flaws that allowed unauthorized entry, remote code execution, and covert use of cameras and microphones [92]. This case illustrates how complex IoT devices can introduce multiple attack vectors when security is not integrated throughout the design lifecycle.
Trend Micro’s work found internet-connected speakers exposing data and network details through unauthenticated web interfaces—items that are trivial to find with tools like Nmap and Shodan [93]. The same pattern appears in odd places too: researchers even demonstrated how insecure Bluetooth-enabled toys can leak audio and personal information [94].
Recent large-scale incidents underline the stakes. A 2025 leak exposed billions of Wi-Fi credentials and device records from a poorly protected database, showing how misconfigured data stores become high-value targets [95]. Long-term monitoring studies also reveal accelerating attack cycles and a bias toward ARM-targeting malware, stressing that default settings, weak segmentation, and exposed data remain systemic problems [96].

3.4.2. Systemic Vulnerability Patterns

Analysis of these breaches shows a handful of recurring failures. The easiest entry point remains default credentials: attackers exploited unchanged factory logins to build the Mirai botnet at scale [85]. Poor patch management compounds the problem—unpatched firmware gives malware a steady target and shortens attackers’ time to exploit, as long-term monitoring studies demonstrate [96]. Insecure APIs and web interfaces expose critical functions that accept remote commands without strong authentication. These software gaps are worsened when data in transit is left unencrypted, making secrets like Wi-Fi passwords easy to intercept, and when networks lack segmentation, allowing attackers to move from compromised consumer-facing systems into safety-critical zones.

3.4.3. Derived Mitigation Strategies

The incidents point to a compact set of practical defenses that work together. First, eliminate default credentials and enforce device-unique identities—preferably anchored in hardware roots of trust (e.g., PUFs or secure elements) so credentials cannot be trivially cloned. Second, put robust firmware lifecycle controls in place: signed, integrity-checked over-the-air updates with mandatory verification before installation. Third, harden all exposed interfaces by applying strict API security practices (e.g., input validation, authentication, authorization, and rate limiting) and by minimizing administrative surfaces. Fourth, require end-to-end encryption for all sensitive channels so credentials and telemetry are never sent in plaintext. Finally, adopt fine-grained network micro-segmentation to isolate non-critical services from safety-critical functions, limiting lateral movement after a compromise. Combined, these measures address the common failure modes observed across the case studies.
Underpinning all these technical controls is the demonstrated need for an integrated privacy-enhancing technology and anomaly detection (PET-AD) approach; for instance, while Mirai exploited an authentication failure, anomaly detection could have flagged its unusual network behavior, just as behavioral monitoring could have detected the interface bypassing in the Jeep Cherokee and Kia hacks.
These breach cases, their corresponding technical mitigations, and the essential role of an integrated PET-AD approach are systematically mapped in Table 7.
These vulnerabilities keep reappearing long after they were first exposed, which makes one thing clear: small fixes are not enough. The pattern of repeat incidents shows that we need deeper changes to how IoT systems are designed and protected. Combining privacy-enhancing technologies (PETs) with anomaly detection (AD) gives a layered defense that tackles both prevention failures and the detection gaps exposed by real-world breaches.
Practically, that means shifting from retrofitting security to a “security by design” mindset. Start with hardware-rooted trust (secure elements or PUFs) and automated integrity-checked update mechanisms that work on constrained devices and pair them with continuous monitoring and preventive controls at the edge and in the network. When these elements are integrated—cryptographic protections, access controls, and behavior-based detection—they form a resilient defense-in-depth approach.
The case-study evidence in this review shows that the PET–AD integration is not just theoretical: it is a necessary, practical strategy for addressing the kinds of compromises we keep seeing in the wild. Real gains will come from implementing, testing, and iterating these integrated solutions on representative devices and deployments.

3.5. Advanced Security Enablers: AI/ML and Blockchain

In the context of constrained IoT, the integrated PET–AD paradigm is supported by two technological domains: artificial intelligence and machine learning (AI/ML) and blockchain. AI/ML supplies the adaptive capability required for efficient, on-device anomaly detection and forms the methodological foundation for privacy-preserving approaches such as federated learning. Blockchain, by contrast, provides an architectural means to distribute trust and produce verifiable audit trails, thereby addressing vulnerabilities in distributed PET–AD workflows—most notably secure model aggregation and tamper-evident logging. Rather than regarding these technologies as adjacent, this section examines AI/ML and blockchain as enablers of the PET–AD framework and evaluates their practical viability in light of the severe computational, memory, and energy constraints characteristic of class 0/1 devices and the systemic gaps identified in our breach analysis (Section 3.4).

3.5.1. Artificial Intelligence and Machine Learning for IoT Security

Within the PET-AD framework, AI/ML’s primary value lies in implementing resource-aware anomaly detection and enabling scalable privacy-preserving computation. For instance, ML models form the core of detection agents in systems like R-IDPS [97] in Software-Defined Networking and reports 97–99% accuracy against certain attacks, though its coverage is limited and it has mainly been tested in simulated settings. Work by Illy et al. [98] shows modest accuracy gains (around 5–10%) when multiple features are combined in home environments, and hybrid methods such as the Artificial Orca Algorithm with ensemble learning [99] can improve detection further, at the cost of added computational complexity.
Researchers are actively pushing ML toward the edge so that these gains become practical on constrained hardware. Hardware acceleration approaches like Al-rubaye et al. [100] pair Google Coral TPUs with Raspberry Pi 5 and use quantized models that reduce inference latency by more than half. Such hardware-aware optimizations are not just for standalone detection; they are prerequisites for deploying practical federated learning (a key PET) on edge nodes, making local model training and update generation feasible within tight power budgets.
For severely constrained devices, offline SVM training techniques have shown dramatic energy savings (up to 350× lower energy in [101]), although they introduce longer training times and risks like SRAM overflow. Hybrid IoT–cloud setups, such as Shahid et al.’s ensemble framework for water quality prediction [102], can be useful in practice but face challenges with dataset overfitting and unvalidated energy consumption.
Communication-efficient deep learning is important for distributed IoT security. Wang et al. [70] demonstrated that federated DNNs with mutual information feature selection outperform centralized and other FL methods in both accuracy (99.4%) and communication efficiency in simulation environments, providing a template for privacy-preserving deep learning in resource-aware deployments.
Therefore, the evolution of AI/ML for constrained IoT is pivoting from pure accuracy metrics towards co-designing lightweight models and training schemes that align with the taxonomy’s resource dimensions (Section 4). This enables their dual role as both efficient anomaly detectors and as the computational backbone for privacy-preserving techniques like FL and DP.

3.5.2. Blockchain-Enabled Security for IoT

Blockchain technology helps resolve a central tension in distributed PET–AD systems: how to establish verifiable trust and coordination in the absence of a central authority. This capability is important for securing operations such as model aggregation in federated learning and for maintaining immutable logs of detected anomalies. The attributes typically associated with blockchain—decentralized trust, verifiability for audit, and the reduction in single points of failure—can therefore mitigate many of the risks inherent to centralized architectures that have been exploited in past breaches [86,90]. For example, hybrid approaches that combine searchable symmetric encryption with neural network-based analytics offer a promising path for protecting data access while keeping latency within acceptable bounds; nevertheless, challenges remain with legacy system compatibility and additional computational overhead [103].
To make blockchain practical for constrained IoT, researchers propose hybrid architectures that mix lightweight ledgers with off-chain computation. Some implementations demonstrate acceptable latency on devices such as ESP32 and Raspberry Pi, but they still depend on platform-specific features and may expose unquantified risks from external services [104]. Decentralization helps against attacks that exploit centralized update and credential mechanisms (as with Mirai [85]), but it does not remove all operational or integration hurdles. These hybrid models represent a specific trade-off within our taxonomy Section 4, opting for a fog/cloud deployment paradigm to manage the communication and computational constraints of class 0/1 devices, while still providing a decentralized trust layer for PET-AD operations.
In summary, AI/ML and blockchain are not peripheral but pivotal to realizing the integrated PET-AD vision for constrained IoT. AI/ML provides the adaptive intelligence for both efficient anomaly detection and the machinery of privacy-preserving computation. Blockchain offers an architectural paradigm to decentralize trust, critical for secure and verifiable PET-AD operations in distributed networks. The paramount challenge, as with all components in this review, is their co-design into resource-conscious protocols that respect the strict energy, memory, and computational limits of the IoT edge, transforming theoretical robustness into deployable trustworthiness.

4. Anomaly Detection in IoT Data

Anomaly detection in IoT matters for both safety and security. It spots faults that could cause physical harm and flags malicious activity that threatens system integrity. In practice, this means continuously monitoring sensors, logs, and data streams for deviations from expected behavior—for example, an unexpected temperature spike on an industrial sensor or an unusual sequence of control commands. Because it protects multiple trust properties (see Section 1), anomaly detection is a versatile building block for resilient IoT systems.

4.1. Classification of Anomaly Detection Techniques in IoT

Most existing taxonomies classify anomaly detection along a single axis (e.g., by application or algorithm). Even multi-view efforts such as [105]—which consider the nature of the anomaly, analyzed data, detection principles, and application domain—do not fully capture the constraints unique to IoT deployments. To close this gap we propose a five-dimension taxonomy (Figure 1) that explicitly incorporates IoT realities: deployment paradigm (edge/fog/cloud), resource constraints (computation/memory/energy), real-time needs (stream vs. batch processing), protection techniques (privacy/security requirements), and communication constraints (compression/event-driven reporting). This multi-dimensional view makes it easier to pick detection approaches that actually fit the device class and operational context.
The five-dimensional taxonomy emerged through an iterative, grounded examination of the studies collected in our systematic review. We extracted key design attributes—such as hardware platform, energy footprint, and privacy mechanisms—from each work and grouped them into clusters. Through successive refinements, these clusters converged into five dimensions that, taken together, offered a sufficiently concise yet expressive structure for capturing the main design tensions and constraints reported in the literature. In this way, the taxonomy remains closely tied to empirical evidence and reflects the practical challenges faced in constrained IoT settings.
To explore the taxonomy’s usefulness in practice, we applied it to three representative IoT anomaly detection systems: PrivStream [68], TEDA [106], and IoTREPAIR [107]. As shown in Table 8, the taxonomy captures the central design trade-offs embodied in each system, supporting comparative analysis and broader design space reasoning. While this internal validation indicates that the taxonomy is consistent and applicable across diverse cases, its value would be strengthened through external expert assessment and use in guiding the development of new system architectures. We therefore present the taxonomy as a conceptual tool intended to support more systematic research and design in resource-constrained IoT environments, rather than isolated solution-specific advances.
Considering the deployment, there are three well-known computing architectures: edge, fog, and cloud computing. The anomaly detection mechanism can be implemented in any of them, but its performance will be affected by the characteristics of the computing paradigm. Powerful computations can be performed in the cloud; thus a more complex algorithm and a larger amount of data can be used for anomaly detection. Performing it in the fog or edge layer leads to reduced latency.
The resource constraints refer to the challenges that often characterize IoT systems: reduced computational power, memory, and energy resources. To overcome them, anomaly detection techniques must be optimized. This category contains the following sub-criteria:
  • Computation—lightweight algorithms are designed to overcome the problem of the limitation of computational power. They include simple statistical methods (e.g., min–max thresholds and moving average), dedicated designed algorithms (e.g., TinyML), and lighter machine learning models (e.g., decision trees and kNN). Approximate computing helps to reduce computational load by trading off solution accuracy for significant computational savings (e.g., lower-precision arithmetic for distance calculations in k-NN or approximate nearest neighbor search [108]).
  • Memory usage—storing all read sensor data to be used at once by the anomaly detection method cannot always be performed due to the device specifications. In streaming algorithms one record can be examined in only a few passes, typically just one (e.g., streaming K-means [109]). Incremental learning models learn from new data as it arrives. Similarly to humans, they square new information over time. Incremental principal component analysis is a good solution when the dataset to be decomposed is too large to fit in memory.
  • Energy consumption—optimizing the data processing pipeline can reduce energy consumption [110]. Data collection can be triggered by specific events or thresholds (e.g., sudden temperature increase). Thus, anomaly detection will be performed less often.
In most IoT applications, real-time or almost-real-time anomaly detection is expected to enable timely responses. Only the results can be stored or transmitted further, so that IoT devices still have resources. Using this criterion, we can identify the following classes:
  • Stream processing—data streams are processed in real time, for instance stream clustering or real-time filtering [111].
  • Batch processing—a specific quantity of data [112] (e.g., daily electricity consumption [113]) is used to detect anomalies.
Protection techniques are crucial in IoT systems, as most of them operate with sensitive data. In this category, the following sub-criteria can be used:
  • Privacy preservation techniques—the identity and sensitive information of individuals or entities can be protected by implementing anomaly detection in an FL environment [114]. Only parameters of the detection models are shared. Another solution is localized anomaly detection. Anomalies are identified locally on the IoT device, and the results are transmitted further, not the raw data.
  • Secure data processing—this refers to protecting data during storage, transmission, and computation. Encryption and anonymization techniques ensure secure data processing (e.g., differential privacy [75]). Secure hardware builds trusted execution environments able to perform anomaly detection to identify unauthorized access.
Anomaly detection technique implementation should consider minimizing the amount of data transmitted so that the communication constraints are respected. Considering these, two classes have been identified:
  • Data compression—not transmitting all the collected data reduces the communication load. Lossless compression techniques reduce data size but conserve the encapsulated information. These approaches are suitable for applications where data integrity is crucial [115]. Lossy compression reduces data size by losing the less important information [116]. It is suitable for applications where cost reduction is more important than accuracy in anomaly detection.
  • Event-driven communication—data transfer is triggered by specific events, resulting in reduced data amounts transmitted over the network [117]. In anomaly-driven reporting, only the anomalous data is transmitted.
Table 8 applies the taxonomy to three real systems to show how different design choices suit different IoT needs. For example, PrivStream [68] is well suited to latency-sensitive elderly-care monitoring because it runs on the edge and uses differential privacy for streaming data. By contrast, TEDA [106] fits ultra-constrained scenarios with low privacy requirements (such as vehicular pavement anomaly detection) since it demands very little computation, even though it lacks privacy safeguards. For large-scale malware hunting across distributed networks, IoTREPAIR [107] is the pragmatic choice because it shifts work to the fog layer and uses federated learning with gradient compression to strike a balance between computational load and privacy.
This classification reveals that no single technique excels in all dimensions; each represents different trade-offs appropriate for specific contexts. The taxonomy makes these trade-offs explicit, moving beyond one-size-fits-all approaches to enable a systematic, context-aware anomaly detection method selection for resource-constrained IoT environments.

4.2. Causes of Anomalies in IoT Systems

Anomaly detection techniques identify abnormal behavior that may indicate various faults or failures within IoT systems. The most common causes are summarized in Table 9, ranging from hardware degradation to complex cyber attacks.
Faulty sensors are a persistent problem in long-term IoT deployments. The method in [118] separates normal, faulty, and compromised sensor behavior by combining spatial correlation theory with machine learning. In a smart-farming testbed, the authors report 98.9% accuracy using CART, Random Forest, and SVM classifiers.
Detecting cybersecurity threats calls for different techniques. IoTREPAIR [107] uses federated learning with MLPs and autoencoders to spot malware, but its validation is simulation-based, which limits confidence in field deployments. DIOT [119] treats network traffic like language and applies Gated Recurrent Unit (GRU) neural networks, reporting 95.6% detection with a 257 ms response time.
Anomalies in data quality crop up across many domains. Studies on water systems [121] and electricity consumption [122,123] typically blend statistical checks with machine learning models. These hybrid approaches perform well, but their need for centralized data often clashes with privacy constraints in real deployments.
The causes and corresponding detection techniques demonstrate that anomaly detection spans both safety and security domains. In IoT environments, these domains frequently intersect—security breaches can directly cause safety hazards, necessitating comprehensive monitoring approaches.

4.3. Anomaly Detection on Embedded Devices

Edge-based anomaly detection on embedded devices requires specialized approaches to balance detection accuracy with resource constraints. Hardware platforms like Arduino, ESP, and Raspberry Pi enable real-time processing while minimizing latency and bandwidth usage.
Mechanical anomaly detection demonstrates the feasibility of embedded ML implementations. Lord & Kaplan [126] deploy autoencoder and variational autoencoder networks on Arduino Nano 33 BLE Sense for washing machine monitoring, achieving 92% accuracy with 5-s inference intervals. The significant performance difference between autoencoder (92%) and VAE (66%) models highlights the importance of model selection for constrained devices.
TinyML solutions optimize for ultra-low-resource environments. Andrade et al. [106] implement the TEDA algorithm on Arduino Nano 33 IoT for pavement anomaly detection, achieving 99% accuracy with minimal computational and memory overhead. However, TEDA’s sensitivity to feature representation and threshold selection requires careful context-specific tuning.
In an industrial IoT context with extreme environmental constraints, Antonini et al. [83] report a fully autonomous TinyML-based anomaly detection system built around an ESP32 microcontroller. The prototype executes an Isolation Forest model locally, with inference latencies below 16 ms and a memory footprint of roughly 84 KB RAM. A notable aspect of their design is the use of blockchain to provide auditability: anomaly events are signed and recorded on the Ethereum network, yet raw sensor readings remain on the device. This work illustrates how coordinated design across edge computing, TinyML inference, and blockchain-backed logging can support trustworthy monitoring in demanding industrial settings, although the blockchain layer introduces non-trivial overhead (560 bytes per transaction).
In the network security domain, Hajj et al. [72] present an intrusion detection system based on federated k-means running on the Arduino Nano 33 platform. Rather than transmitting raw records, the nodes share only cluster statistics during the learning process. Their cross-layer design illustrates how lightweight unsupervised models paired with selective communication can support collaborative defense while remaining within the device’s strict memory limit of 256 KB RAM.
Medical IoT applications demonstrate privacy-preserving edge detection. Astillo et al. [69] combine federated learning with CNN/MLP models on Raspberry Pi devices for diabetes management, achieving 99.17% accuracy while maintaining data confidentiality through model compression and quantization.
These embedded implementations demonstrate practical applications of the taxonomy’s resource constraints dimension, showing how detection algorithms must be optimized for specific hardware capabilities. This is further evidenced by frameworks that combine lightweight statistical anomaly detection with efficient encryption on Raspberry Pi and ESP8266 nodes, achieving real-time analysis without cloud dependency [51].
A detailed comparative analysis of the key anomaly detection methods discussed, including their performance on specific hardware classes, accuracy, and resource usage, is consolidated in Supplementary Table S4.

4.4. Adversarial Attacks on IoT Anomaly Detection Models

The integration of AI/ML models introduces vulnerabilities to adversarial attacks, where carefully crafted perturbations cause misclassifications while appearing normal to human observers. In IoT, attackers can exploit this by tweaking sensor readings or shaping network traffic so detectors miss intrusions or raise false alarms [127].
The consequences are most severe in safety-critical settings such as health monitoring [128], where a manipulated signal could hide a real emergency or trigger unnecessary emergency responses. Because many IoT nodes are resource-constrained to run heavy defenses or stream everything to the cloud, we need lightweight, practical countermeasures that work on-device or at nearby edge nodes.
Useful directions include simple input-cleaning filters like feature smoothing that strip out adversarial noise [129] and training strategies that account for low-precision deployment, such as quantization-aware adversarial training [130]. Field studies like IoTREPAIR [107] also show that adversarial attacks can sharply reduce federated learning accuracy, which means that aggregation rules and validation checks must be hardened as well.
However, applying such defenses to severely resource-constrained nodes presents significant challenges. The practical deployment of defenses such as quantization-aware adversarial training on class 0/1 devices remains severely constrained. Generating adversarial examples and performing robust training introduces memory and computational demands that typically exceed the resources of microcontrollers equipped with less than 50 KB of RAM and sub-100 MHz CPUs (Section 3.1.1). For these ultra-constrained nodes, defensive measures must therefore rely on extremely lightweight runtime mechanisms. Examples include the following: (1) basic consistency checks and plausibility filters—such as rejecting readings that violate physical bounds or exhibit implausible transitions—which provide an initial barrier against simple perturbations; (2) ensemble arrangements of very small models (e.g., combining a compact decision tree with a statistical threshold), compelling an attacker to evade multiple independent detectors simultaneously; and (3) the use of hardware-protected execution environments or trusted sensing modules, where supported, to isolate critical detection routines.
By contrast, more capable edge platforms (class 2) can accommodate techniques such as feature squeezing through aggressive input quantization or selectively offloading suspicious samples to a nearby gateway for higher-fidelity inspection. Across these design points, a consistent principle emerges: in constrained IoT settings, low-complexity and deterministic defenses that impose minimal latency and energy cost are often preferable, even when this entails accepting incomplete adversarial robustness in exchange for practical deployability.
In short, adversarial threats change how we should design anomaly detectors: accuracy and efficiency are not enough. The taxonomy’s protection techniques dimension matters because effective models must be built from the ground up to resist adversarial manipulation while still fitting tight IoT resource budgets.

5. Discussion

This review shows that trustworthy IoT requires a shift away from one-off fixes toward integrated architectures where privacy-enhancing technologies (PETs) and anomaly detection (AD) work together. PETs protect data confidentiality and integrity so detection systems can trust their inputs, and AD provides continuous, behavior-based monitoring that catches bypasses, failures, or novel attacks that would otherwise undermine privacy controls. In practice this is a two-way partnership: PETs enhance the reliability of AD by securing its data inputs, while AD ensures the long-term effectiveness of PETs by detecting failures or bypasses.
The literature provides many concrete examples of this synergy. PrivStream [68] uses differential privacy to protect edge data before running on-device ML detection. Federated systems such as IoTREPAIR [107] and DIOT [119] enable collaborative threat detection while keeping raw data local. Other deployments combine strong AEAD ciphers (ASCON/ChaCha20-Poly1305) with lightweight statistical anomaly detectors on edge nodes, creating a defense-in-depth stack that both protects data in transit and watches for sensor tampering or suspicious behavior in real time [51]. While these examples demonstrate practical PET-AD integration, they often represent layering or sequential composition rather than true co-design from first principles. A systematic methodology for ground-up co-design, where privacy and detection mechanisms are jointly optimized from the architecture’s inception, remains largely unexplored, as we elaborate in Section 6.

5.1. Core Tensions in IoT Trustworthiness

Our analysis of the foundational constraints and techniques reveals three central, interconnected tensions that challenge practical IoT security implementations. The first one is between security and resource constraints. Class 0/1 hardware limits (see Section 3.1) force trade-offs: suitable candidates include efficient ciphers like ASCON [48] or ChaCha20-Poly1305 [50], but real-world deployment still bumps into systemic issues. Gateway-centered key management and some PUF-based or layered AES setups create single points of failure [61], and the large number of legacy devices continues to cause operational problems—Mirai exploited default credentials at scale [86], and recent automotive portal flaws show that access control gaps persist [90]. Good algorithms matter, but they will not fix fragmented operations by themselves.
The second tension is privacy versus utility. Privacy-enhancing tools like federated learning protect local data, yet they struggle with device heterogeneity and synchronization in real IoT fleets; multi-party computation can protect data but adds latency and cloud dependence, which break real-time needs [78]. Differential privacy needs careful tuning of the epsilon parameter [75]—too much noise kills detection, too little leaves data exposed. Likewise, blockchain-audited systems [83] maintain privacy through local anomaly detection but incur substantial bandwidth and monetary overhead for transaction logging, further illustrating the cost of verifiable trust. Systems such as PrivStream [68] hit a workable privacy–utility balance for their models, but they do not generalize across environments, which shows the need for more adaptive, context-aware privacy solutions.
The third tension involves rapid innovation against the need for standards. The field is fragmented: many vendors and research projects pursue novel AD algorithms in isolation, which makes integration and large-scale deployment hard (see Section 3.1.3). Our five-dimension taxonomy for anomaly detection (Section 4) helps by forcing choices to be made in context—deployment tier, resource budget, latency needs, protection techniques, and communication limits. The trade-offs are concrete: TEDA [106] delivers extreme efficiency at the cost of adaptability, while autoencoders [126] can boost accuracy but demand more energy. The taxonomy gives a practical path away from one-size-fits-all thinking toward methods chosen for the actual operating context. A synthesis of the quantitative trade-offs between privacy, performance, and resource cost for the core PET and AD techniques reviewed is provided in Supplementary Table S5, illustrating the concrete implications of these tensions.

5.2. Synthesis of Field Maturation and Adversarial Robustness

IoT research is fragmented but progressing. Papers cover everything from lightweight statistical filters and classic one-class detectors to deep learning models and hybrid pipelines that pair on-device preprocessing with cloud analysis [43,131,132]. Recent work is increasingly practical: researchers now factor in device energy, latency, and deployment constraints rather than just chasing isolated metric gains [110,133]. Hajj et al. [72] validated their FL-based IDS on actual Arduino hardware, quantifying how sampling rates affect both detection performance (0.97 recall) and resource consumption—providing concrete guidelines for balancing privacy preservation with operational constraints in real deployments. Still, many studies stay narrow—single devices, single threats, or synthetic datasets—which makes meaningful cross-paper comparison difficult [11].
Adversarial attacks and robustness are also rising concerns. Standard gradient-based and other adversarial attacks show that learning-based detectors break unless robustness is explicitly built in [127,129,134]. Defensive ideas (e.g., quantization-aware defenses, certified bounds, and feature squeezing) look promising but often assume compute and energy budgets that constrained devices do not have [130]. This gap matters because adversarial degradation can weaken both privacy protections and detection in integrated PET–AD systems, so the community needs lightweight, hardware-aware defenses that are provably or empirically robust on embedded platforms [107,123,134].

5.3. Operational Imperatives and Integration Challenges

Real-world breaches repeatedly show that operational failures consistently bypass theoretical defenses. The Jeep Cherokee compromise exploited unsecured interfaces [89], and the ongoing effectiveness of Mirai-style attacks [85] highlights how default credentials remain a live problem [87]. Long-term monitoring efforts, such as Panasonic’s honeypot study [96], further confirm that attackers focus on poorly maintained or unpatched devices. Together, these incidents make it clear that closing operational gaps is at least as important as improving algorithms. Practical controls that address those gaps include the following:
  • Dynamic credential management to remove static, factory-default logins.
  • Network micro-segmentation to limit lateral movement after a compromise.
  • Hardware-enforced trust boundaries (secure elements or PUFs) to reduce the risk of cloned or stolen credentials.
Bringing the technologies we reviewed into real deployments—from lightweight on-device crypto and PUF-based authentication to edge AI inference and blockchain-backed logging—creates real engineering friction that theory often understates. Stacking multiple security services increases CPU, memory, and energy demands, often pushing limited IoT hardware past its capacity. Interoperability is also non-trivial: APIs, data schemas, and lifecycle processes must line up; otherwise you end up with weak, monolithic solutions that are hard to maintain in the field.

5.4. Standardization and Adoption Pathways

This review shows that trustworthy IoT requires security designed together with real operational constraints—a balance rarely achieved in the current literature. Federated learning and lightweight cryptography are useful tools, but deployed on their own they often move problems around rather than solving them. The tensions discussed above point to a clear need for coordinated standardization and practical, field-oriented solutions. Immediate, high-impact actions to prioritize are as follows:
  • Certify ASCON as the go-to authenticated encryption primitive for constrained devices, building on its selection as a NIST lightweight AEAD standard; [45]. Consolidating around a recognized primitive will reduce fragmentation and interoperability friction.
  • Require hardware-rooted device identities (e.g., PUF-backed identity) to replace hardcoded or default credentials, following designs like PLAKE [55] and SRAM-PUF deployments [56]. This moves identity out of software-only control and reduces credential cloning risks.
  • Define and adopt adversarial resilience benchmarks that test systems under realistic, evolving attack models so solutions (including federated learning setups) are validated against the threats that actually degrade deployed systems [107].
These steps feed directly into the research and adoption roadmap in Section 6, providing practical pathways for industry and researchers to move from isolated proofs of concept toward deployable, trustworthy IoT ecosystems.

6. Future Research Directions

The literature shows real progress in individual IoT security components, but their integration into a cohesive, trustworthy system remains elusive. Key tensions—between security, privacy, and resource constraints—keep reappearing. One core problem is that PETs and AD are usually developed as separate layers rather than being co-designed, as discussed in Section 5. Joint optimization frameworks that coordinate detector architectures, quantization, and PET parameters (e.g., DP’s epsilon or FL compression rates) are essential for meeting the strict energy, memory, and CPU constraints of class 0/1 devices [12,18]. For instance, Wang et al. [70] demonstrate such co-design, using mutual information for feature selection to enable a federated DNN that reduces communication overhead while maintaining 99.4% detection accuracy. Concrete research should explore integrated micro-architectures, such as a “Privacy-Aware Feature Scheduler” that dynamically selects between raw, differentially private, or homomorphically encrypted data streams for anomaly detection based on a real-time energy–privacy budget. Another direction is hardware–software co-design of a “TinyCrypt-Detector” co-processor, sharing logic between ASCON AEAD operations and statistical feature extraction to minimize area and power overhead. This line of inquiry directly addresses gap 1 (co-design shortage) by creating unified systems and gap 2 (inconsistent trade-off reporting) by making the privacy–energy–accuracy trade-off a tunable, measurable parameter of the architecture. Adopting a co-design perspective facilitates the balancing of privacy, utility, and resource constraints.
Concurrently, the energy–security paradox demands new runtime strategies. Security mechanisms can consume a very large share of a device’s power budget [18], so architectures must adapt: scale cryptographic strength (ASCON [48] or ChaCha20-Poly1305 [50]) and detection complexity based on current battery state and assessed threat level. This requires energy-aware scheduling in distributed schemes such as federated learning so participant selection preserves the global model without compromising the integrity—a challenge noted in [71]. A promising hybrid architecture to embody this is an “Adaptive PET-AD Mesh.” In this design, a local cluster of heterogeneous devices is orchestrated by a designated, slightly more capable “lead node.” This lead node performs energy-aware participant selection for FL, aggregates locally generated DP-noised anomaly alerts, and interfaces with a lightweight blockchain ledger for tamper-evident logging of critical events, distributing trust and computational load efficiently. This hybrid design tackles gap 3 (robustness against adaptive attackers) through distributed trust and layered defenses, while its energy-aware scheduling mechanism provides a concrete framework for reporting resource trade-offs (gap 2). We also need lightweight, hardware-aware defenses against adversarial attacks (e.g., quantization-aware adversarial training [130] and feature squeezing [129]) so robustness measures actually fit on microcontrollers.
Legacy devices make the problem systemic rather than academic. Mirai-style botnets [85,87] and massive breaches [95] show that billions of poorly maintained units are a continuing threat. Research should prioritize secure retrofitting: hardware–software co-designs that add hardware-rooted trust (PUFs) while using federated methods to refresh entropy and manage aging [55,56]. Pair those ideas with blockchain-anchored, integrity-checked OTA updates to block firmware tampering and aim for backward-compatible approaches that work across heterogeneous fleets. A tangible research artifact to this end is a “Security Proxy Dongle”—an external module equipped with a PUF and secure element that attaches to legacy sensors via UART or GPIO. This dongle is intended to encrypt local data, execute a minimal anomaly detection technique, and mediate secure over-the-air (OTA) updates for the host device. The principal research challenge is the design of a reliable, zero-touch bootstrapping protocol that can autonomously establish mutual trust among the dongle, legacy endpoint, and network gateway. Framed as a retrofit strategy, this approach addresses gap 3 (protecting vulnerable legacy systems from adaptive attacks) and exemplifies the co-design principle (gap 1) by combining dedicated security hardware with existing software stacks. To reduce reliance on centralized authorities—and thereby avoid well-documented Private Key Generator (PKG) weaknesses in Identity-Based Cryptography [59]—we propose investigating a hybrid of hardware-rooted identifiers (e.g., dual-PUF mechanisms [57]) and sharded blockchain ledgers to support scalable, device-to-device authentication without continuous cloud dependence [27,28]. While promising, this direction must contend with practical constraints such as PUF stability, ledger overhead, and interoperability with legacy platforms.
Our taxonomy (Section 4) also reveals a blind spot: memory constraints during model training are often ignored. Many studies optimize only inference (see [106,126]), which misses SRAM and training time constraints on MCUs. TinyML pipelines should therefore include quantization-aware SVM training with overflow guards—building on Edge2Train’s energy wins while addressing memory safety [101]. Unsupervised models like TEDA [106] require systematic, cross-environment benchmarking against the taxonomy’s resource dimension so we can compare adaptability as well as raw efficiency. To systematically address this, the community needs an open-source benchmark framework that profiles not just inference but training-phase memory peaks, energy per epoch, and adversarial robustness for TinyML models on popular MCUs. This framework should operationalize the multi-dimensional taxonomy from Section 4, forcing evaluations to report across deployment, resource, and protection axes, thereby creating comparable data to guide architecture choices. This benchmarking initiative is fundamental to closing gap 2 (inconsistent reporting) by standardizing metrics and gap 3 (robustness) by mandating evaluation under adversarial and noisy conditions.
The field clearly needs common benchmarks and reporting practices. Right now papers measure different things in different ways, which blocks reproducibility and meaningful comparison across sensor-to-cloud stacks (Section 3 and Section 4). Future work must develop end-to-end benchmarks that jointly evaluate detection performance, privacy leakage, energy use, and latency under realistic deployment conditions, including factors such as sensor drift, network variability, and adaptive adversaries. Metrics like “cryptographic bit-strength per joule” or “detection accuracy under a specified DP epsilon” would make evaluations comparable and help push the community from isolated prototypes toward deployable systems. Establishing such benchmarks is a necessary precursor for meaningful quantitative meta-analyses that could compare normalized metrics—such as energy cost per detection, accuracy under privacy constraints, or latency–security trade-offs—across diverse approaches.
To bridge the co-design gap identified in this review, we propose a systematic framework for integrating PETs and AD from initial conception through deployment. Building on the integration patterns observed in existing work—such as PrivStream’s DP-enhanced detection [68], IoTREPAIR’s federated anomaly hunting [107], DIOT’s communication-optimized GRU networks [119], Antonini et al.’s blockchain-audited TinyML system [83], Hajj et al.’s cross-layer federated k-means [72], Wang et al.’s feature-selected federated DNN [70], and Serban et al.’s combined encryption–detection stack [51]—this framework consists of four iterative phases with concrete design considerations.
The first phase involves joint requirement specification and threat modeling, where privacy guarantees, detection requirements, and resource constraints are defined simultaneously. This extends beyond the sequential approach seen in current deployments by requiring that privacy parameters, detection accuracy targets, and hardware limitations be optimized jointly rather than sequentially.
The second phase focuses on unified algorithm selection and compatibility analysis, moving beyond the layered compositions common in existing work. Rather than retrofitting PETs atop existing detectors, this phase selects detection algorithms inherently compatible with chosen PETs—such as noise-robust models for DP or communication-efficient architectures for FL—as suggested by the optimizations in DIOT [119] and Edge2Train [101] and the cross-layer FL approach of Hajj et al. [72]. Wang et al.’s [70] work exemplifies this through mutual information feature selection that enables federated deep learning with minimal communication overhead.
The third phase involves cross-layer resource sharing and optimization, identifying opportunities to share computations, memory, and communication between PET and AD components. This goes beyond the defense-in-depth stacking seen in current deployments [51] by seeking unified execution paths where cryptographic operations directly inform detection features and vice versa. For instance, Antonini et al.’s [83] system shares the same ESP microcontroller for both TinyML inference and blockchain transaction signing, optimizing memory usage to just 84KB for real-time anomaly detection.
Finally, the fourth phase requires integrated validation and trade-off characterization, developing comprehensive metrics that simultaneously measure privacy-loss budget versus detection performance degradation, energy consumption per private detection event, and end-to-end latency. While IoTREPAIR [107] begins to approach this through multi-dimensional evaluation, the studies analyzed in this review—including [70,72,83]—demonstrate varying approaches to reporting these critical trade-offs, highlighting the need for a standardized assessment framework.
This structured methodology provides concrete guidance for evolving from the layering and sequential integration observed in current deployments toward truly co-designed systems where privacy and detection are mutually reinforcing and collectively optimized from the ground up for constrained IoT environments.

7. Conclusions

This review examined the evolving landscape of security and privacy for resource-constrained IoT systems and argued that isolated measures rarely provide robust protection in practice. Effective defenses instead arise from integrating privacy-enhancing technologies (PETs) with anomaly detection (AD): PETs reduce exposure of sensitive inputs and preserve confidentiality, while AD supplies continuous, behavior-based monitoring that uncovers misconfiguration, bypasses, or novel attack patterns that would otherwise invalidate privacy assumptions.
Our primary contribution is a practical, multi-dimensional taxonomy for anomaly detection that organizes design choices along five actionable axes: deployment paradigms, resource constraints, real-time requirements, protection techniques, and communication constraints. The taxonomy is meant to guide concrete trade-offs and to highlight how PET and AD decisions interact in deployment.
Despite advances in lightweight algorithms and distributed intelligence, key bottlenecks persist: fragmented protocols and vendor-specific implementations, scalability and latency limitations in federated or blockchain approaches, and large fleets of legacy devices that are difficult to retrofit. Several incidents illustrate that theoretical guarantees alone do not ensure operational resilience. To systematically overcome these barriers, the research roadmap in Section 6 provides a targeted strategy to address each of the three core gaps identified in our analysis.
Gap 1, concerning the lack of co-design, is addressed through the use of integrated micro-architectures together with a structured, four-phase co-design methodology. To respond to gap 2, which relates to inconsistent reporting practices, we propose embedding instrumentation that enables real-time monitoring of design trade-offs and adopting open-source benchmarking frameworks that require multi-dimensional evaluation. Gap 3, the limited robustness of existing systems, is approached through distributed trust architectures, hardware-based retrofit mechanisms, and explicit benchmarking requirements for adversarial testing. By mapping each line of research to its corresponding deficiency, the roadmap seeks to provide a coherent progression from identified limitations to implementable solutions.
Translating this roadmap into practice requires pragmatic standardization—lightweight AEAD cryptography, hardware-rooted authentication, and shared benchmarks that jointly measure security, privacy leakage, energy, and latency on representative constrained hardware.
Looking forward, research should prioritize co-design, energy-aware scheduling, and adversarial robustness tailored to tiny/quantized models: jointly tuning detectors, quantization, and PET parameters within hard resource budgets; runtime adaptations that trade privacy, accuracy, and latency; and lightweight defenses appropriate for constrained devices. Supported by open benchmarks and interoperable standards, these directions make PET–AD integration a realistic path to trustworthy IoT systems in healthcare, industry, and other critical domains.

Supplementary Materials

The following supporting information can be downloaded at https://www.mdpi.com/article/10.3390/telecom7010010/s1: Table S1—Extended analysis of hardware and trust (extended from Table 2); Table S2—Extended comparative analysis of lightweight cryptography and authentication schemes (extended from Table 4); Table S3—Extended analysis of privacy-enhancing technology implementations (extended from Table 6); Table S4—Detailed analysis of key anomaly detection methods for resource-constrained IoT (from Section 4); and Table S5—Synthesis of quantitative privacy–performance trade-offs in IoT PETs and anomaly detection.

Author Contributions

Conceptualization, C.M.S., M.N., A.H., and G.S.; methodology, C.M.S., M.N., A.H., and G.S.; software, C.M.S. and M.N.; validation, A.H. and G.S.; formal analysis, C.M.S., M.N., A.H., and G.S.; investigation, C.M.S. and M.N.; resources, C.M.S. and M.N.; data curation, C.M.S. and M.N.; writing—original draft preparation, C.M.S., M.N., A.H., and G.S.; writing—review and editing, C.M.S., M.N., A.H., and G.S.; visualization, C.M.S., M.N., A.H., and G.S.; supervision, A.H. and G.S.; project administration, M.N.; funding acquisition, M.N. All authors have read and agreed to the published version of the manuscript.

Funding

This work was supported by the “Disponibilitate, confidențialitate și detecție de anomalii în sisteme IoT-DeCiD” grant funded by the National Grant Competition-GNaC ARUT 2023.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Conflicts of Interest

The authors declare no conflicts of interest. The funders had no role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript; or in the decision to publish the results.

Abbreviations

The following abbreviations are used in this manuscript:
ABEAttribute-Based Encryption
ADAnomaly Detection
AEADAuthenticated Encryption with Associated Data
AESAdvanced Encryption Standard
AIArtificial Intelligence
APIApplication Programming Interface
CCPACalifornia Consumer Privacy Act
CNNConvolutional Neural Network
CPUCentral Processing Unit
CVSSCommon Vulnerability Scoring System
DDoSDistributed Denial of Service
DESData Encryption Standard
DLDeep Learning
DPDifferential Privacy
DTLSDatagram Transport Layer Security
ECCElliptic Curve Cryptography
ECDHElliptic Curve Diffie–Hellman
FLFederated Learning
GDPRGeneral Data Protection Regulation
GSAGravitational Search Algorithm
HMACHash-based Message Authentication Code
HTTPHypertext Transfer Protocol
HWHardware
IBCIdentity-Based Cryptography
IDPSIntrusion Detection and Prevention Systems
IoTInternet of Things
kNNk-Nearest Neighbors
LSHLocality-Sensitive Hashing
LWCLightweight Cryptography
LWELearning With Errors
MCUMicrocontroller Unit
MIoTMultimedia Internet of Things
MITMMan in the Middle (attack)
MLMachine Learning
MLPMultilayer Perceptron
MPCMulti-Party Computation
NISTNational Institute of Standards and Technology
NNNeural Network
OCSVMOne-Class Support Vector Machine
PETsPrivacy-Enhancing Technologies
PKGPrivate Key Generator
PUFPhysical Unclonable Function
RAMRandom Access Memory
RNNRecurrent Neural Network
RSARivest–Shamir–Adleman
SDNSoftware-Defined Networking
SLRSystematic Literature Review
SRAMStatic Random Access Memory
SRGANsSuper-Resolution Generative Adversarial Networks
SURFSpeeded Up Robust Features
SVMSupport Vector Machine
TCPTransport Layer Protocol
TLSTransport Layer Security
VMVirtual Machine
WPANWireless Personal Area Network

References

  1. Yalli, J.S.; Hasan, M.H.; Badawi, A. Internet of Things (IoT): Origin, Embedded Technologies, Smart Applications, and Its Growth in the Last Decade. IEEE Access 2024, 12, 91357–91382. [Google Scholar] [CrossRef]
  2. Gyamfi, E.K.; Kropczynski, J.; Johnson, J.S.; Yakubu, M.A. Internet of Things Security and Data Privacy Concerns in Smart Farming. In Proceedings of the IEEE World AI IoT Congress (AIIoT), Seattle, WA, USA, 29–31 May 2024; pp. 575–583. [Google Scholar] [CrossRef]
  3. Li, C.; Wang, J.; Wang, S.; Zhang, Y. A review of IoT applications in healthcare. Neurocomputing 2024, 565, 127017. [Google Scholar] [CrossRef]
  4. Ni, C.; Li, S.C. Machine learning enabled Industrial IoT Security: Challenges, Trends and Solutions. J. Ind. Inf. Integr. 2024, 38, 100549. [Google Scholar] [CrossRef]
  5. Abir, S.M.A.A.; Anwar, A.; Choi, J.; Kayes, A.S.M. IoT-Enabled Smart Energy Grid: Applications and Challenges. IEEE Access 2021, 9, 50961–50981. [Google Scholar] [CrossRef]
  6. Oliveira, F.; Costa, D.G.; Assis, F.; Silva, I. Internet of Intelligent Things: A convergence of embedded systems, edge computing and machine learning. Internet Things 2024, 26, 101153. [Google Scholar] [CrossRef]
  7. Aqeel, M.; Ali, F.; Iqbal, M.W.; Rana, T.A.; Arif, M.; Auwul, R. A Review of Security and Privacy Concerns in the Internet of Things (IoT). J. Sens. 2022, 2022, 5724168. [Google Scholar] [CrossRef]
  8. Schiller, E.; Aidoo, A.; Fuhrer, J.; Stahl, J.; Ziörjen, M.; Stiller, B. Landscape of IoT security. Comput. Sci. Rev. 2022, 44, 100467. [Google Scholar] [CrossRef]
  9. Dritsas, E.; Trigka, M. Federated Learning for IoT: A Survey of Techniques, Challenges, and Applications. J. Sens. Actuator Netw. 2025, 14, 9. [Google Scholar] [CrossRef]
  10. Li, K.; Li, C.; Yuan, X.; Li, S.F.; Zou, S.; Ahmed, S.S.; Ni, W.; Niyato, D.; Jamalipour, A.; Dressler, F.; et al. Zero-Trust Foundation Models: A New Paradigm for Secure and Collaborative Artificial Intelligence for Internet of Things. IEEE Internet Things J. 2025, 12, 46269–46293. [Google Scholar] [CrossRef]
  11. Junior, F.M.R.; Kamienski, C.A. A Survey on Trustworthiness for the Internet of Things. IEEE Access 2021, 9, 42493–42514. [Google Scholar] [CrossRef]
  12. Bormann, C.; Ersue, M.; Keränen, A. Terminology for Constrained-Node Networks. RFC 7228, 2014. Available online: https://www.rfc-editor.org/info/rfc7228 (accessed on 15 September 2025).
  13. Saleh, S.S.; Al-Awamry, A.A.; Taha, A. Tailoring AES for resource-constrained IoT devices. Indones. J. Electr. Eng. Comput. Sci. 2024, 36, 290–301. [Google Scholar] [CrossRef]
  14. Forescout-Research. 2024 Global Threat Roundup Report; Technical Report; Forescout Technologies: San Jose, CA, USA, 2025. [Google Scholar]
  15. Forescout-Research. The Riskiest Connected Devices of 2025; Technical Report; Forescout Technologies: San Jose, CA, USA, 2025. [Google Scholar]
  16. Sasi, T.; Lashkari, A.H.; Lu, R.; Xiong, P.; Iqbal, S. A comprehensive survey on IoT attacks: Taxonomy, detection mechanisms and challenges. J. Inf. Intell. 2024, 2, 455–513. [Google Scholar] [CrossRef]
  17. Page, M.J.; McKenzie, J.E.; Bossuyt, P.M.; Boutron, I.; Hoffmann, T.C.; Mulrow, C.D.; Shamseer, L.; Tetzlaff, J.M.; Akl, E.A.; Brennan, S.E.; et al. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. BMJ 2021, 372. [Google Scholar] [CrossRef]
  18. Thakor, V.A.; Razzaque, M.A.; Khandaker, M.R.A. Lightweight Cryptography Algorithms for Resource-Constrained IoT Devices: A Review, Comparison and Research Opportunities. IEEE Access 2021, 9, 28177–28193. [Google Scholar] [CrossRef]
  19. Altaibek, M.; Issainova, A.; Aidynov, T.; Kuttymbek, D.; Abisheva, G.; Nurusheva, A. A Survey of Cross-Layer Security for Resource-Constrained IoT Devices. Appl. Sci. 2025, 15, 9691. [Google Scholar] [CrossRef]
  20. Brahmeshwar, S.U.; Upadhyay, N.K.; Sharma, N.; Jaswal, K. Lightweight Cryptography for Securing IoT Networks: Balancing Performance, Scalability, and Security in Resource-Constrained Environments. Int. J. Res. Appl. Sci. Eng. Technol. 2024, 12, 2154–2160. [Google Scholar] [CrossRef]
  21. Lachner, C.; Dustdar, S. A performance evaluation of data protection mechanisms for resource-constrained IoT devices. In Proceedings of the IEEE International Conference on Fog Computing (ICFC), Prague, Czech Republic, 24–26 June 2019; pp. 47–52. [Google Scholar] [CrossRef]
  22. Hudda, S.; Haribabu, K. A review on WSN based resource constrained smart IoT systems. Discov. Internet Things 2025, 5, 56. [Google Scholar] [CrossRef]
  23. Soto-Cruz, J.; Ruiz-Ibarra, E.; Vázquez-Castillo, J.; Espinoza-Ruiz, A.; Castillo-Atoche, A.; Mass-Sanchez, J. A Survey of Efficient Lightweight Cryptography for Power-Constrained Microcontrollers. Technologies 2025, 13, 3. [Google Scholar] [CrossRef]
  24. Canavese, D.; Mannella, L.; Regano, L.; Basile, C. Security at the edge for resource-limited IoT devices. Sensors 2024, 24, 590. [Google Scholar] [CrossRef]
  25. Aldowah, H.; Ul Rehman, S.; Umar, I. Trust in IoT Systems: A Vision on the Current Issues, Challenges, and Recommended Solutions. In Advances on Smart and Soft Computing: Proceedings of the ICACIn 2020, Casablanca, Morocco, 13–14 April 2020; Springer: Singapore, 2021; Volume 1188, pp. 329–339. [Google Scholar] [CrossRef]
  26. Dass, P.; Misra, S.; Roy, C. T-safe: Trustworthy service provisioning for IoT-based intelligent transport systems. IEEE Trans. Veh. Technol. 2020, 69, 9509–9517. [Google Scholar] [CrossRef]
  27. Sayed, A. Challenges in Interoperability of IoT Devices: Towards a Unified Standard. Int. J. Multidiscip. Res. 2021, 3, IJFMR210520549. [Google Scholar] [CrossRef]
  28. Albouq, S.S.; Sen, A.A.A.; Almashf, N.; Yamin, M.; Alshanqiti, A.; Bahbouh, N.M. A Survey of Interoperability Challenges and Solutions for Dealing With Them in IoT Environment. IEEE Access 2022, 10, 36416–36428. [Google Scholar] [CrossRef]
  29. Zhang, H.; Agarwal, Y.; Fredrikson, M. TEO: Ephemeral ownership for IoT devices to provide granular data control. In Proceedings of the 20th Annual International Conference on Mobile Systems, Applications and Services, Portland, OR, USA, 27 June–1 July 2022; pp. 302–315. [Google Scholar] [CrossRef]
  30. Laidlaw, E. Privacy and Cybersecurity in Digital Trade: The Challenge of Cross Border Data Flows. Available at SSRN 3790936. 2021. Available online: https://ssrn.com/abstract=3790936 (accessed on 10 January 2025).
  31. Kambourakis, G.; Kolias, C.; Geneiatakis, D.; Karopoulos, G.; Makrakis, G.M.; Kounelis, I. A State-of-the-Art Review on the Security of Mainstream IoT Wireless PAN Protocol Stacks. Symmetry 2020, 12, 579. [Google Scholar] [CrossRef]
  32. Anand, P.; Singh, Y.; Selwal, A.K.; Singh, P.K.; Felseghi, R.A.; Răboacă, M.S. IoVT: Internet of Vulnerable Things? Threat Architecture, Attack Surfaces, and Vulnerabilities in Internet of Things and Its Applications towards Smart Grids. Energies 2020, 13, 4813. [Google Scholar] [CrossRef]
  33. Yu, M.; Zhuge, J.; Cao, M.; jun Shi, Z.; Jiang, L. A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices. Future Internet 2020, 12, 27. [Google Scholar] [CrossRef]
  34. Anil, A.; Babu, A.R.; Antony, J.; Vilson, K.E.; Koshy, S. Security And Privacy Concern In IoT Devices. Int. J. Eng. Technol. Manag. Sci. 2023, 7, 491–502. [Google Scholar] [CrossRef]
  35. Zahra, S.R.; Ahsan Chishti, M. RansomWare and Internet of Things: A New Security Nightmare. In Proceedings of the 9th International Conference on Cloud Computing, Data Science & Engineering (Confluence), Noida, India, 10–11 January 2019; pp. 551–555. [Google Scholar] [CrossRef]
  36. Ruminot, N.; Estevez, C.; Sánchez, S.M. A Novel Approach of a Low-Cost Voltage Fault Injection Method for Resource-Constrained IoT Devices: Design and Analysis. Sensors 2023, 23, 7180. [Google Scholar] [CrossRef]
  37. Odeh, A.; Taleb, A.A.; Alhajahjeh, T.; Aparicio, F.; Hamed, S.; Al Daradkeh, N.; Al-Jarallah, N.A. Data Privacy and Compliance in IoT. In Smart and Agile Cybersecurity for IoT and IIoT Environments; IGI Global: Palmdale, PA, USA, 2024; Chapter 6; pp. 128–144. [Google Scholar] [CrossRef]
  38. Da Silva, R.S.; De Araújo Filho, R.M.; De Oliveira Júnior, M.H.G.; Scoton, M.L.R.P.D.; Brito, P.H.L.; Dias, E.M.; Oliveira, M. IoT: Applications, potentialities and challenges in the context of Quality Infrastructure 4.0. In Proceedings of the 11th International Conference on Internet of Things: Systems, Management and Security (IOTSMS), Malmö, Sweden, 2–5 September 2024; pp. 90–97. [Google Scholar] [CrossRef]
  39. Hassan, Y.G.; Collins, A.; Babatunde, G.O.; Alabi, A.A.; Mustapha, S.D. Secure smart home IoT ecosystem for public safety and privacy protection. Int. J. Multidiscip. Res. Growth Eval. 2024, 5, 1151–1157. [Google Scholar] [CrossRef]
  40. Cambosuela, L.; Kaur, M.; Astya, R. The Vulnerabilities and Risks of Implementing Internet of Things (IoT) in Cyber Security. In Proceedings of the 11th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), Noida, India, 14–15 March 2024; pp. 1–5. [Google Scholar] [CrossRef]
  41. Tanksale, V. Efficient Elliptic Curve Diffie–Hellman Key Exchange for Resource-Constrained IoT Devices. Electronics 2024, 13, 3631. [Google Scholar] [CrossRef]
  42. Montoya, M.; Hiscock, T.; Bacles-Min, S.; Molnos, A.M.; Fournier, J.J.A. Adaptive Masking: A Dynamic Trade-off between Energy Consumption and Hardware Security. In Proceedings of the IEEE 37th International Conference on Computer Design (ICCD), Abu Dhabi, United Arab Emirates, 17–20 November 2019; pp. 559–566. [Google Scholar] [CrossRef]
  43. Magara, T.; Zhou, Y. Internet of Things (IoT) of Smart Homes: Privacy and Security. J. Electr. Comput. Eng. 2024, 2024, 7716956. [Google Scholar] [CrossRef]
  44. Shafiq, M.; Gu, Z.; Cheikhrouhou, O.; Alhakami, W.; Hamam, H. The Rise of “Internet of Things”: Review and Open Research Issues Related to Detection and Prevention of IoT-Based Security Attacks. Wirel. Commun. Mob. Comput. 2022, 2022, 8669348. [Google Scholar] [CrossRef]
  45. Sönmez Turan, M.; McKay, K.; Chang, D.; Kang, J.; Kelsey, J. Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions; NIST: Gaithersburg, MD, USA, 2024. [CrossRef]
  46. Dobraunig, C.; Eichlseder, M.; Mendel, F.; Schläffer, M. Ascon v1.2: Lightweight authenticated encryption and hashing. J. Cryptol. 2021, 34, 33. [Google Scholar] [CrossRef]
  47. Khan, S.; Lee, W.K.; Hwang, S.O. Evaluating the Performance of Ascon Lightweight Authenticated Encryption for AI-Enabled IoT Devices. In Proceedings of the TRON Symposium (TRONSHOW), Tokyo, Japan, 7–9 December 2022; pp. 1–6. [Google Scholar]
  48. Cagua, G.; Gauthier-Umaña, V.; Lozano-Garzon, C. Implementation and Performance of Lightweight Authentication Encryption ASCON on IoT Devices. IEEE Access 2025, 13, 16671–16682. [Google Scholar] [CrossRef]
  49. Radhakrishnan, I.; Jadon, S.; Honnavalli, P.B. Efficiency and Security Evaluation of Lightweight Cryptographic Algorithms for Resource-Constrained IoT Devices. Sensors 2024, 24, 4008. [Google Scholar] [CrossRef]
  50. Degabriele, J.P.; Govinden, J.; Günther, F.; Paterson, K.G. The Security of ChaCha20-Poly1305 in the Multi-User Setting. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, 15–19 November 2021; pp. 1981–2003. [Google Scholar] [CrossRef]
  51. Serban, C.M.; Neagu, M.; Hangan, A.; Sebestyen, G. Towards Trustworthy IoT Ecosystems: Efficient Encryption and Anomaly Detection for Resource-Constrained Devices. In Proceedings of the 25th International Conference on Control Systems and Computer Science (CSCS), Bucharest, Romania, 27–30 May 2025; pp. 404–411. [Google Scholar] [CrossRef]
  52. Azar, J.; Noura, H.N.; Couturier, R. Lightweight Image Crypto-Compression Using Haar Transform and Selective Encryption for Grayscale IoT Images. In Proceedings of the International Wireless Communications and Mobile Computing (IWCMC), Ayia Napa, Cyprus, 27–31 May 2024; pp. 969–974. [Google Scholar] [CrossRef]
  53. Kadhim, A.N.; Manaa, M.E. Improving IoT data Security Using Compression and Lightweight Encryption Technique. In Proceedings of the 5th International Conference on Engineering Technology and Its Applications (IICETA), Al-Najaf, Iraq, 31 May–1 June 2022; pp. 187–192. [Google Scholar] [CrossRef]
  54. Liao, Y.; Lin, Y.; Xing, Z.; Li, Q.; Huang, G.; Chen, D.; Yuan, X. Using 3D-LMM-Based Encryption to Secure Digital Images With 3-D S-Box and Fibonacci Q-Matrix. IEEE Internet Things J. 2025, 12, 55182–55195. [Google Scholar] [CrossRef]
  55. Roy, S.; Das, D.; Mondal, A.; Mahalat, M.H.; Sen, B.; Sikdar, B.K. PLAKE: PUF-Based Secure Lightweight Authentication and Key Exchange Protocol for IoT. IEEE Internet Things J. 2023, 10, 8547–8559. [Google Scholar] [CrossRef]
  56. Farha, F.; Ning, H.; Ali, K.; Chen, L.; Nugent, C. SRAM-PUF-Based Entities Authentication Scheme for Resource-Constrained IoT Devices. IEEE Internet Things J. 2020, 8, 5904–5913. [Google Scholar] [CrossRef]
  57. Modarres, A.M.A.; Sarbishaei, G. A Lightweight Authentication Protocol for IoT-Based Applications Using Reconfigurable Noisy PUFs. IEEE Trans. Ind. Inform. 2024, 20, 11384–11392. [Google Scholar] [CrossRef]
  58. Ding, X.; Wang, X.; Xie, Y.; Li, F. A Lightweight Anonymous Authentication Protocol for Resource-Constrained Devices in Internet of Things. IEEE Internet Things J. 2021, 9, 1818–1829. [Google Scholar] [CrossRef]
  59. Upadhyay, A.; Maity, S.; Venkatesan, S. Lightweight Authentication Protocols for IoT Networks. In Proceedings of the IEEE Pune Section International Conference (PuneCon), Pune, India, 14–16 December 2023; pp. 1–6. [Google Scholar] [CrossRef]
  60. Sarkar, A.; Singh, M.M.; Khan, M.Z.; Alhazmi, O.H. Nature-Inspired Gravitational Search-Guided Artificial Neural Key Exchange for IoT Security Enhancement. IEEE Access 2021, 9, 76780–76795. [Google Scholar] [CrossRef]
  61. King, J.; Awad, A.I. A Distributed Security Mechanism for Resource-Constrained IoT Devices. Informatica 2016, 40, 133–143. [Google Scholar]
  62. Yang, H. Comparison of Encryption Algorithms for Wearable Devices in IoT Systems. arXiv 2024. [Google Scholar] [CrossRef]
  63. Kumar, S.; Kumar, D.; Dangi, R.; Choudhary, G.; Dragoni, N.; You, I. A Review of Lightweight Security and Privacy for Resource-Constrained IoT Devices. Comput. Mater. Contin. 2024, 78, 31–63. [Google Scholar] [CrossRef]
  64. Alluhaidan, A.S.D.; Prabu, P. End-to-End Encryption in Resource-Constrained IoT Device. IEEE Access 2023, 11, 70040–70051. [Google Scholar] [CrossRef]
  65. Ibrahim, N.S.A.; Agbinya, J.I. Design of a Lightweight Cryptographic Scheme for Resource-Constrained Internet of Things Devices. Appl. Sci. 2023, 13, 4398. [Google Scholar] [CrossRef]
  66. Kumar, N.A.; Ramesh, D.; Prashant, H.S.; Pallavi, R.; Veena, B.G. Securing Iot Data Transmission: A Comprehensive Approach Integrating Two-Fish Encryption with Wireless Smart Energy Systems And Iot Cloud Services. Migr. Lett. 2023, 21, 972–993. [Google Scholar] [CrossRef]
  67. Lachner, C.; Rausch, T.; Dustdar, S. ORIOT: A Source Location Privacy System for Resource-Constrained IoT Devices. In Proceedings of the IEEE Global Communications Conference (GLOBECOM), Waikoloa, HI, USA, 9–13 December 2019; pp. 1–6. [Google Scholar] [CrossRef]
  68. Wang, D.; Ren, J.; Wang, Z.; Zhang, Y.; Shen, X.S. PrivStream: A privacy-preserving inference framework on IoT streaming data at the edge. Inf. Fusion 2022, 80, 282–294. [Google Scholar] [CrossRef]
  69. Astillo, P.V.; Duguma, D.G.; Park, H.; Kim, J.; Kim, B.; You, I. Federated intelligence of anomaly detection agent in IoTMD-enabled Diabetes Management Control System. Future Gener. Comput. Syst. 2022, 128, 395–405. [Google Scholar] [CrossRef]
  70. Wang, X.; Wang, Y.; Javaheri, Z.; Almutairi, L.; Moghadamnejad, N.; Younes, O.S. Federated deep learning for anomaly detection in the internet of things. Comput. Electr. Eng. 2023, 108, 108651. [Google Scholar] [CrossRef]
  71. Kairouz, P.; McMahan, H.B.; Avent, B.; Bellet, A.; Bennis, M.; Nitin Bhagoji, A.; Bonawitz, K.; Charles, Z.; Cormode, G.; Cummings, R.; et al. Advances and Open Problems in Federated Learning; Now Publishers, Inc.: Norwell, MA, USA, 2021; Volume 14, pp. 1–210. [Google Scholar] [CrossRef]
  72. Hajj, S.; Azar, J.; Bou Abdo, J.; Demerjian, J.; Guyeux, C.; Makhoul, A.; Ginhac, D. Cross-Layer Federated Learning for Lightweight IoT Intrusion Detection Systems. Sensors 2023, 23, 7038. [Google Scholar] [CrossRef]
  73. Li, L.; Fan, Y.; Tse, M.; Lin, K.Y. A review of applications in federated learning. Comput. Ind. Eng. 2020, 149, 106854. [Google Scholar] [CrossRef]
  74. Lim, W.Y.B.; Luong, N.C.; Hoang, D.T.; Jiao, Y.; Liang, Y.C.; Yang, Q.; Niyato, D.; Miao, C. Federated Learning in Mobile Edge Networks: A Comprehensive Survey. IEEE Commun. Surv. Tutor. 2020, 22, 2031–2063. [Google Scholar] [CrossRef]
  75. Anwar, S.S.; Asaduzzaman; Sarker, I.H. A differential privacy aided DeepFed intrusion detection system for IoT applications. Secur. Priv. 2024, 7, e445. [Google Scholar] [CrossRef]
  76. Asulba, B.; Souto, P.F.; Almeida, L. Bringing IoT Intrusion Detection to the Edge. In Proceedings of the 8th International Conference on Future Networks & Distributed Systems (ICFNDS ’24), Marakech, Morocco, 11–12 December 2024; pp. 295–304. [Google Scholar] [CrossRef]
  77. Elhoseny, M.; Riad, K. RT-PPS: Real-time privacy-preserving scheme for cloud-hosted IoT data. J. High Speed Netw. 2024, 31, 71–89. [Google Scholar] [CrossRef]
  78. Mainali, P.; Shepherd, C. Privacy-enhancing fall detection from remote sensor data using multi-party computation. In Proceedings of the 14th International Conference on Availability, Reliability and Security, Canterbury, UK, 26–29 August 2019; pp. 1–10. [Google Scholar] [CrossRef]
  79. Chen, D.; Wang, H.; Zhang, N.; Nie, X.; Dai, H.; Zhang, K.; Choo, K.R. Privacy-Preserving Encrypted Traffic Inspection With Symmetric Cryptographic Techniques in IoT. IEEE Internet Things J. 2022, 9, 17265–17279. [Google Scholar] [CrossRef]
  80. Karthikeyan, P.; Teotia, S.; Pawan, T.; Ardly, B.; Reena, M.; Vibhakar, C.; Priya, K. Privacy-Preserving Techniques for IoT Data Sharing. In Proceedings of the 9th International Conference on Science Technology Engineering and Mathematics (ICONSTEM), Chennai, India, 4–5 April 2024; pp. 1–5. [Google Scholar] [CrossRef]
  81. Abduljabbar, Z.A.; Jin, H.; Ibrahim, A.; Hussien, Z.A.; Hussain, M.A.; Abbdal, S.H.; Zou, D. Privacy-Preserving Image Retrieval in IoT-Cloud. In Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Tianjin, China, 23–26 August 2016; pp. 799–806. [Google Scholar] [CrossRef]
  82. Li, X.; Lei, W.; Tang, W.; Wang, Y.; Yang, X.; Liao, X. Segmented Hash-Based Privacy-Preserving Image Retrieval Scheme in Cloud-Assisted IoT. IEEE Internet Things J. 2024, 11, 35250–35265. [Google Scholar] [CrossRef]
  83. Antonini, M.; Pincheira, M.; Vecchio, M.; Antonelli, F. An Adaptable and Unsupervised TinyML Anomaly Detection System for Extreme Industrial Environments. Sensors 2023, 23, 2344. [Google Scholar] [CrossRef] [PubMed]
  84. Bindra, S.; Malik, A. An Analysis Of Anomaly Detection Techniques for IoT Devices: A Review. In Proceedings of the Third International Conference on Secure Cyber Computing and Communication (ICSCCC), Jalandhar, India, 26–28 May 2023; pp. 275–280. [Google Scholar] [CrossRef]
  85. Kolias, C.; Kambourakis, G.; Stavrou, A.; Voas, J. DDoS in the IoT: Mirai and Other Botnets. Computer 2017, 50, 80–84. [Google Scholar] [CrossRef]
  86. Antonakakis, M.; April, T.; Bailey, M.; Bernhard, M.; Bursztein, E.; Cochran, J.; Durumeric, Z.; Halderman, J.A.; Invernizzi, L.; Kallitsis, M.; et al. Understanding the Mirai Botnet. In Proceedings of the 26th USENIX Security Symposium, Vancouver, BC, Canada, 16–18 August 2017. [Google Scholar]
  87. Lakshmanan, R. Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign. The Hacker News, 27 November 2024. Available online: https://thehackernews.com/2024/11/matrix-botnet-exploits-iot-devices-in.html (accessed on 12 September 2025).
  88. Black Lotus Labs. Derailing the Raptor Train. Black Lotus Labs, 18 September 2024. Available online: https://blog.lumen.com/derailing-the-raptor-train (accessed on 14 September 2025).
  89. Miller, C.; Valasek, C. Remote Exploitation of an Unaltered Passenger Vehicle; Technical Report; Black Hat USA, 2015. Available online: https://www.ioactive.com/wp-content/uploads/pdfs/IOActive_Remote_Car_Hacking.pdf (accessed on 12 September 2025).
  90. Greenberg, A. Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug. 2024. Available online: https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/ (accessed on 10 September 2025).
  91. BitDefender. Ring Video Doorbell Pro Under the Scope. White Paper. 2019. Available online: https://www.bitdefender.com/en-us/blog/labs/ring-video-doorbell-pro-under-the-scope (accessed on 2 September 2025).
  92. Eddy, N. Unpatched Zero-Day Bugs in Smart Intercom Allow Remote Eavesdropping. 2023. Available online: https://www.darkreading.com/cloud-security/unpatched-zero-day-bugs-smart-intercom-remote-eavesdropping (accessed on 16 September 2025).
  93. Hilt, S. The Sound of a Targeted Attack; Technical Report, Trend Micro, 2017. Available online: https://documents.trendmicro.com/assets/pdf/the-sound-of-a-targeted-attack.pdf (accessed on 10 September 2025).
  94. Franceschi-Bicchierai, L. How This Internet of Things Stuffed Animal Can Be Remotely Turned Into a Spy Device. 2017. Available online: https://www.vice.com/en/article/how-this-internet-of-things-teddy-bear-can-be-remotely-turned-into-a-spy-device/ (accessed on 23 September 2025).
  95. Fowler, J. 2.7 Billion Records Exposed in IoT Devices Data Breach. 2025. Available online: https://www.vpnmentor.com/news/report-marshydro-breach/ (accessed on 20 September 2025).
  96. Newman, L.H. Panasonic Warns That Internet-of-Things Malware Attack Cycles Are Accelerating, 2023. Available online: https://www.wired.com/story/panasonic-iot-malware-honeypots/ (accessed on 12 September 2025).
  97. Mazhar, N.; Saleh, R.; Zaba, R.; Zeeshan, M.; Hameed, M.M.; Khan, N.A. R-IDPS: Real Time SDN-Based IDPS System for IoT Security. Comput. Mater. Contin. 2022, 73, 3099–3118. [Google Scholar] [CrossRef]
  98. Illy, P.; Kaddoum, G.; Kaur, K.; Garg, S. ML-Based IDPS Enhancement with Complementary Features for Home IoT Networks. IEEE Trans. Netw. Serv. Manag. 2022, 19, 772–783. [Google Scholar] [CrossRef]
  99. Allafi, R.; Alzahrani, I.R. Enhancing Cybersecurity in the Internet of Things Environment Using Artificial Orca Algorithm and Ensemble Learning Model. IEEE Access 2024, 12, 63282–63291. [Google Scholar] [CrossRef]
  100. Al-rubaye, M.; Aral, A. Towards Enhanced AI-Driven Security in Monitoring Systems with Low-Cost IoT Devices. In Proceedings of the 14th International Conference on the Internet of Things (IoT ’24), Oulu, Finland, 19–22 November 2024; pp. 255–260. [Google Scholar] [CrossRef]
  101. Sudharsan, B.; Breslin, J.G.; Ali, M.I. Edge2Train: A framework to train machine learning models (SVMs) on resource-constrained IoT edge devices. In Proceedings of the 10th International Conference on the Internet of Things (IoT ’20), Malmö, Sweden, 6–9 October 2020. [Google Scholar] [CrossRef]
  102. Shahid, M.S.B.; Rifat, H.R.; Uddin, M.A.; Islam, M.M.; Mahmud, M.Z.; Sakib, M.K.H.; Roy, A. Hypertuning-Based Ensemble Machine Learning Approach for Real-Time Water Quality Monitoring and Prediction. Appl. Sci. 2024, 14, 8622. [Google Scholar] [CrossRef]
  103. Ali, A.; Almaiah, M.A.; Hajjej, F.; Pasha, M.F.; Fang, O.H.; Khan, R.; Teo, J.; Zakarya, M. An Industrial IoT-Based Blockchain-Enabled Secure Searchable Encryption Approach for Healthcare Systems Using Neural Network. Sensors 2022, 22, 572. [Google Scholar] [CrossRef]
  104. Sharma, R.K.; Goveas, N. Use of Blockchain in Securing IoT systems with Resource Constrained Devices. In Proceedings of the IEEE 20th International Conference on Software Architecture Companion (ICSA-C), L’Aquila, Italy, 13–17 March 2023; pp. 216–223. [Google Scholar] [CrossRef]
  105. Sebestyen, G.; Hangan, A.; Czako, Z.; Kovacs, G. A taxonomy and platform for anomaly detection. In Proceedings of the IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR), Cluj-Napoca, Romania, 24–26 May 2018; pp. 1–6. [Google Scholar] [CrossRef]
  106. Andrade, P.; Silva, I.; Signoretti, G.; Silva, M.; Dias, J.; Marques, L.; Costa, D.G. An unsupervised tinyml approach applied for pavement anomalies detection under the internet of intelligent vehicles. In Proceedings of the IEEE International Workshop on Metrology for Industry 4.0 & IoT (MetroInd4.0 &IoT), Rome, Italy, 7–9 June 2021; pp. 642–647. [Google Scholar] [CrossRef]
  107. Norris, M.; Celik, B.; Venkatesh, P.; Zhao, S.; McDaniel, P.; Sivasubramaniam, A.; Tan, G. IoTRepair: Systematically addressing device faults in commodity IoT. In Proceedings of the IEEE/ACM Fifth International Conference on Internet-of-Things Design and Implementation (IoTDI), Sydney, NSW, Australia, 21–24 April 2020; pp. 142–148. [Google Scholar] [CrossRef]
  108. Zhu, R.; Ji, X.; Yu, D.; Tan, Z.; Zhao, L.; Li, J.; Xia, X. KNN-Based Approximate Outlier Detection Algorithm Over IoT Streaming Data. IEEE Access 2020, 8, 42749–42759. [Google Scholar] [CrossRef]
  109. Wang, Z.; Zhou, Y.; Li, G. Anomaly Detection by Using Streaming K-Means and Batch K-Means. In Proceedings of the 5th IEEE International Conference on Big Data Analytics (ICBDA), Xiamen, China, 8–11 May 2020; pp. 11–17. [Google Scholar] [CrossRef]
  110. Ni, C.; Wu, J.; Wang, H. Energy-Aware Edge Computing Optimization for Real-Time Anomaly Detection in IoT Networks. Appl. Comput. Eng. 2025, 139, 42–53. [Google Scholar] [CrossRef]
  111. Qi, L.; Yang, Y.; Zhou, X.; Rafique, W.; Ma, J. Fast anomaly identification based on multiaspect data streams for intelligent intrusion detection toward secure industry 4.0. IEEE Trans. Ind. Inform. 2021, 18, 6503–6511. [Google Scholar] [CrossRef]
  112. Abderrahim, N.W.; Benosman, A. Adaptive intrusion detection in IoT: Combining batch and incremental learning for enhanced security. Eng. Res. Express 2025, 7, 015278. [Google Scholar] [CrossRef]
  113. Zhou, X.; Yang, T.; Liang, L.; Zi, X.; Yan, J.; Pan, D. Anomaly detection method of daily energy consumption patterns for central air conditioning systems. J. Build. Eng. 2021, 38, 102179. [Google Scholar] [CrossRef]
  114. Serban, C.M.; Sebestyen, G.; Hangan, A. ECG Data Classification with Privacy Preservation in the IoT Context. In Proceedings of the IEEE 3rd Conference on Information Technology and Data Science (CITDS), Debrecen, Hungary, 26–28 August 2024; pp. 1–6. [Google Scholar] [CrossRef]
  115. Chang, Y.; Sobelman, G.E. Lightweight Lossy/Lossless ECG Compression for Medical IoT Systems. IEEE Internet Things J. 2023, 11, 12450–12458. [Google Scholar] [CrossRef]
  116. El Sayed, A.; Ruiz, M.; Harb, H.; Velasco, L. Deep learning-based adaptive compression and anomaly detection for smart B5G use cases operation. Sensors 2023, 23, 1043. [Google Scholar] [CrossRef]
  117. Marah, H.; Lima, L.; Vangheluwe, H.; Challenger, M. An Agent-Oriented Twinning Architecture for Complex Event-Driven Anomaly Detection in Distributed CPS. In Proceedings of the IEEE 22nd International Conference on Software Architecture Companion (ICSA-C), Odense, Denmark, 31 March–4 April 2025; pp. 205–214. [Google Scholar] [CrossRef]
  118. Sood, K.; Nosouhi, M.R.; Kumar, N.; Gaddam, A.; Feng, B.; Yu, S. Accurate detection of IoT sensor behaviors in legitimate, faulty and compromised scenarios. IEEE Trans. Dependable Secur. Comput. 2021, 20, 288–300. [Google Scholar] [CrossRef]
  119. Nguyen, T.D.; Marchal, S.; Miettinen, M.; Fereidooni, H.; Asokan, N.; Sadeghi, A.R. DÏoT: A federated self-learning anomaly detection system for IoT. In Proceedings of the IEEE 39th International Conference on Distributed Computing Systems (ICDCS), Dallas, TX, USA, 7–10 July 2019; pp. 756–767. [Google Scholar] [CrossRef]
  120. Rathore, S.; Kwon, B.W.; Park, J.H. BlockSecIoTNet: Blockchain-based decentralized security architecture for IoT network. J. Netw. Comput. Appl. 2019, 143, 167–177. [Google Scholar] [CrossRef]
  121. Serban, C.M.; Sebestyen, G.; Hangan, A. Anomaly Detection in Water Consumption Patterns Using Prediction and Clustering Approaches. In Proceedings of the IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR), Cluj-Napoca, Romania, 16–18 May 2024; pp. 1–6. [Google Scholar] [CrossRef]
  122. Mascali, L.; Schiera, D.S.; Eiraudo, S.; Barbierato, L.; Giannantonio, R.; Patti, E.; Bottaccioli, L.; Lanzini, A. A machine learning-based Anomaly Detection Framework for building electricity consumption data. Sustain. Energy Grids Netw. 2023, 36, 101194. [Google Scholar] [CrossRef]
  123. Oprea, S.V.; Bâra, A.; Puican, F.C.; Radu, I.C. Anomaly detection with machine learning algorithms and big data in electricity consumption. Sustainability 2021, 13, 10963. [Google Scholar] [CrossRef]
  124. Rodriguez-Goncalves, R.; Garcia-Crespo, A.; Matheus-Chacin, C.; Ruiz-Arroyo, A. Development of an anomaly alert system triggered by unusual behaviors at home. Sensors 2021, 21, 5454. [Google Scholar] [CrossRef]
  125. Pathak, A.K.; Saguna, S.; Mitra, K.; Åhlund, C. Anomaly detection using machine learning to discover sensor tampering in IoT systems. In Proceedings of the IEEE International Conference on Communications, Montreal, QC, Canada, 14–23 June 2021; pp. 1–6. [Google Scholar] [CrossRef]
  126. Lord, M.; Kaplan, A. Mechanical anomaly detection on an embedded microcontroller. In Proceedings of the International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, USA, 15–17 December 2021; pp. 562–568. [Google Scholar] [CrossRef]
  127. Goodfellow, I.J.; Shlens, J.; Szegedy, C. Explaining and harnessing adversarial examples. arXiv 2014, arXiv:1412.6572. [Google Scholar] [CrossRef]
  128. Usama, M.; Qadir, J.; Al-Fuqaha, A. Adversarial Attacks on Cognitive Self-Organizing Networks: The Challenge and the Way Forward. In Proceedings of the 43rd IEEE Conference on Local Computer Networks Workshops (LCN Workshops), Chicago, IL, USA, 1–4 October 2018; pp. 90–97. [Google Scholar] [CrossRef]
  129. Xu, W.; Evans, D.; Qi, Y. Feature squeezing: Detecting adversarial examples in deep neural networks. arXiv 2017, arXiv:1704.01155. [Google Scholar] [CrossRef]
  130. Lin, J.; Gan, C.; Han, S. Defensive quantization: When efficiency meets robustness. arXiv 2019, arXiv:1904.08444. [Google Scholar] [CrossRef]
  131. Sutar, S.; Mekala, P. Extensive review on IoT security challenges and LWC implementation on tiny hardware for node level security evaluation. Int. J. Next-Gener. Comput. 2022, 13, 28–53. [Google Scholar] [CrossRef]
  132. Cook, J.; ur Rehman, S.; Khan, M.A. Security and Privacy for Low Power IoT Devices on 5G and Beyond Networks: Challenges and Future Directions. IEEE Access 2023, 11, 39295–39317. [Google Scholar] [CrossRef]
  133. Reis, M.J.; Serôdio, C. Edge AI for Real-Time Anomaly Detection in Smart Homes. Future Internet 2025, 17, 179. [Google Scholar] [CrossRef]
  134. Madry, A.; Makelov, A.; Schmidt, L.; Tsipras, D.; Vladu, A. Towards deep learning models resistant to adversarial attacks. arXiv 2017, arXiv:1706.06083. [Google Scholar] [CrossRef]
Telecom 07 00010 g001
Figure 1. Classification of anomaly detection techniques in resource-constrained IoT systems.
Figure 1. Classification of anomaly detection techniques in resource-constrained IoT systems.
Telecom 07 00010 g001
Table 1. Inclusion and exclusion criteria.
Table 1. Inclusion and exclusion criteria.
CriterionInclusionExclusion
LanguageEnglishNon-English publications
Time FrameJanuary 2015–January 2025Studies outside this period
Publication TypePeer-reviewed journals and conference proceedingsBooks, editorials, and patents
Device FocusResource-constrained IoT devicesNon-constrained systems
Technical ScopeLightweight security, privacy preservation, or anomaly detectionGeneral cybersecurity without IoT focus
ValidationEmpirical validation (simulation or testbed)Theoretical-only frameworks
Table 2. Comprehensive analysis of IoT security constraint studies.
Table 2. Comprehensive analysis of IoT security constraint studies.
CategoryStudyKey ContributionIdentified Limitations
Hardware constraints[7]SLR of IoT threats, novel solutions, empirical studiesNo real-world case studies
[41]ECDH optimization for energy-efficient ECCLimited to specific elliptic curves
[20]Lightweight cryptography (LWC) benchmarkingSuperficial analysis, no real-world studies
[18]Comprehensive review of 50+ LWC algorithmsNo optimal solution identified, limited scope
[42]Adaptive data anonymization for power savings and scalable maskingLimited validation and lacks comparison
[36]Low-cost voltage fault injection methodLimited device scope and applicability
[43]IoT vulnerability taxonomy and practical solutionsNo implementation guidelines
Trust management[25]Multi-perspective trust mechanism analysisLack of critical evaluation framework
[26]T-safe trust framework with improved detectionMATLAB-only validation, cloud-centric approach
[29]Shared IoT ownership model with dynamic groupsTrust assumptions and scalability challenges
Architectural vulnerabilities[31]WPAN security attack/defense taxonomyLimited critical analysis of proposed defenses
[33]Comprehensive IoT vulnerability classificationNo practical implementation insights
[28]Smart city interoperability survey, broad taxonomyTheoretical framework
[27]Protocol fragmentation analysisSuperficial analysis with feasibility gaps
[37]Cross-domain privacy risk analysis, case studiesTechnical depth deficiency
[38]Integrative review of IoT automation risksSector-specific focus limits generalizability
[32]3-layer IoT threat model with case studiesMitigation strategy gaps and CVSS suitability issues
[30]Cross-border data flow legal analysisNo technical mitigation strategies provided
[35]IoT ransomware case analysisSurface-level technical analysis
[39]Multi-layered smart home security frameworkConceptual framework lacking validation
[44]IoT security mechanisms and attack taxonomyLacks systematic validation of defense methods
[40]Multilayered IoT cybersecurity strategiesTheoretical focus with limited validation
[34]Security and privacy concern analysisGeneric solutions without specific implementations
Table 3. Comparison of lightweight cryptographic approaches for constrained IoT.
Table 3. Comparison of lightweight cryptographic approaches for constrained IoT.
CategoryApproachResource EfficiencySecurity StrengthLimitations
Encryption AlgorithmsASCON (NIST) [47,48]High (SW/HW)Strong (AEAD)Emerging standard, less field testing
AES-128 [61]Medium (HW) Low (SW)Very StrongResource-intensive without acceleration
ChaCha20-Poly1305 [50]High (SW)Strong (AEAD)Moderate-term security focus
SPECK [49]Very HighModeratePotential long-term security concerns
PUF AuthenticationPLAKE [55]Very HighHardware-basedScalability issues, server dependency
SRAM-PUF [56]Very HighPhysical securityAging reliability concerns
Dual-PUF [57]HighEnhanced physical securityServer bottleneck, stability issues
Crypto AuthenticationECC-HMAC [58]HighCryptographicLimited real-world validation
IBC-ECC [59]MediumCertificate-freeCentralized PKG vulnerability
Neural-GSA [60]Medium–HighAdaptive securitySynchronization challenges
Table 4. Comprehensive analysis of lightweight cryptography and authentication studies.
Table 4. Comprehensive analysis of lightweight cryptography and authentication studies.
CategoryStudyKey ContributionIdentified Limitations
Encryption techniques[54]3D-LMM hyperchaotic encryption for imagesHigh computational overhead, incomplete practical IoT fit
[48]ASCON in CupCarbon simulator networksLimited AEAD functionality analysis
[49]SPECK vs. ASCON performance comparisonIgnores energy consumption analysis
[62]Wearable IoT encryption selection guideLacks technical depth and validation
[52]Image crypto-compression for MIoTRequires SRGAN server reconstruction
[63]Comprehensive 24+ LWC algorithm surveyScope limitations and data heterogeneity
[64]LWC process with deterministic keysTested only on image data
[65]Ultra-LWC algorithm with high throughputNon-IoT hardware testing
[66]Twofish cloud integrationHardware dependency, short-term data focus
[47]ASCON hardware implementationNo AEAD comparison with alternatives
[53]Hybrid compression–encryption frameworkIgnores energy, limited scalability
[21]Crypto-algorithm benchmarkingNo energy evaluation, limited testbed
[67]ECDH-based onion routingHigh energy use, narrow testing scope
[61]Layered AES+TLS securitySingle gateway failure risk
Authentication protocols[57]Dual-PUF mutual authenticationServer bottleneck, PUF degradation
[55]PUF-based PLAKE protocolScalability issues, server dependency
[59]IBC+ECC mutual authenticationPKG dependency, lacks validation
[58]ECC+HMAC lightweight authenticationNo real-world validation
[60]Neural key exchange with GSASynchronization challenges
[56]SRAM-PUF authenticationAging sensitivity, lacks comparison
Table 5. Privacy-enhancing technologies for resource-constrained IoT.
Table 5. Privacy-enhancing technologies for resource-constrained IoT.
TechniqueClass 0/1 ViabilityPrivacy BenefitsResource Considerations
Federated learningMedium (with optimization)Raw data remains on-device, only model updates sharedRequires careful model sizing, gradient compression, participant scheduling
Differential privacyHighMathematical privacy guarantees, calibrated noise injectionLow computational overhead, epsilon parameter tuning critical
Edge–cloud frameworksHigh (edge component)Distributed trust, encrypted processing capabilitiesCloud dependency for complex operations, bandwidth usage
Lightweight encryptionHighData confidentiality with minimal overheadBalanced security–performance trade-offs required
Table 6. Comprehensive analysis of privacy-enhancing technology studies.
Table 6. Comprehensive analysis of privacy-enhancing technology studies.
CategoryStudyKey ContributionConstraints for Class 0/1 Devices
Edge computing[76]OCSVM with local processing and low-latency detectionNo encryption, TCP-only focus, Python overhead
[83]TinyML + blockchain for industrial IoTHigh blockchain overhead, PLC-only communication
[72]Cross-layer FL with cluster-based sampling for lightweight IDSSampling degrades detection over time, requires periodic FL merging
[70]Feature selection enables federated DNNSimulation-based, no embedded validation
[68]DL + DP for real-time adaptive privacyLimited dataset testing, model-dependent adaptability
Cloud-assisted[82]CNN-LWE hybrid for fast feature extractionEdge server dependency, scalability challenges
[77]Multi-authority ABE with low latencyNo overhead analysis, VM testing limitations
[78]MPC-based real-time fall detectionCloud dependency limits standalone operation
[81]Encrypted image retrieval with SURF/LSHScalability issues, parameter sensitivity
Hybrid approaches[80]Multi-technique utility–privacy balanceScalability issues in real-world deployment
[79]Encrypted traffic inspection with low overheadNo IoT hardware validation, accuracy metrics unclear
Survey[84]Comprehensive ML/DL anomaly detection reviewLacks critical analysis of constrained deployments
Table 7. Breach analysis and corresponding mitigation strategies.
Table 7. Breach analysis and corresponding mitigation strategies.
Breach CasePrimary VulnerabilityTechnical MitigationPET-AD Integration
Mirai botnetDefault credentials, unpatched firmwarePUF-based authentication, secure OTA updatesAD: Network behavior analysis for botnet detection
PET: Encrypted device authentication
Jeep CherokeeInsecure APIs, insufficient segmentationAPI hardening, network micro-segmentationAD: Anomalous control command detection
PET: Secure communication channels
Ring doorbellUnencrypted data transmissionLightweight end-to-end encryptionAD: Unusual reconfiguration pattern detection
PET: Encrypted WiFi credential exchange
Akuvox intercomMultiple vulnerabilities, weak access controlsComprehensive security testing, hardware securityAD: Unauthorized access pattern recognition
PET: Encrypted media streams
Table 8. Practical application of the taxonomy.
Table 8. Practical application of the taxonomy.
Taxonomy DimensionPrivStream [68]TEDA [106]IoTREPAIR [107]
Deployment paradigmEdgeEdge (microcontroller)Fog-layer federation
Resource constraintsComputation: Medium
(MLP/RNN models)
Memory: Optimized
(streaming filters)
Energy: Medium
(continuous sensing)		Computation: Ultra-Low
(TEDA algorithm)
Memory: Minimal
(no stored data)
Energy: Ultra-Low
(event-driven)		Computation: High
(neural networks)
Memory: High
(model training)
Energy: Offloaded
(Fog layer)
Real-time requirementsStream processingStream processingBatch processing (model updates)
Protection techniquesPrivacy preservation: Differential privacy (DP)Privacy preservation: NonePrivacy preservation: Federated learning (FL)
Communication constraintsEvent-drivenEvent-drivenGradient compression
Table 9. Causes of anomalies in IoT systems.
Table 9. Causes of anomalies in IoT systems.
Anomaly CauseDescriptionExamples
Faulty sensorsDue to extended operation or harsh environments, sensors may report erroneous readings or fail prematurelySpatial correlation with ML models detects faulty sensors in smart farming [118]
Cybersecurity threatsMalware, DDoS, MITM, and other attacks can compromise device behavior and data integrityRefs. [107,119,120] use FL-based frameworks, neural networks, and SDN–blockhain hybrids to detect cybersecurity attacks in network traffic data
Data-related issuesData drift, outliers, duplicates, missing values, and inconsistencies in sensor readingsRefs. [121,122,123] use ML and statistical algorithms to detect anomalies in resources consumption (water and electricity)
Unusual behavior of the systemLegitimate but unexpected system behavior due to environmental or operational changesRule-based systems like SecurHome [124] for elderly monitoring
Physical attacksSensor tampering, removal, or modification leading to unauthorized access, disruption of IoT services, security breaches, and device malfunctionsGateway-based detection using supervised and unsupervised learning [125]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Neagu, M.; Serban, C.M.; Hangan, A.; Sebestyen, G. Trustworthiness in Resource-Constrained IoT: Review and Taxonomy of Privacy-Enhancing Technologies and Anomaly Detection. Telecom 2026, 7, 10. https://doi.org/10.3390/telecom7010010

AMA Style

Neagu M, Serban CM, Hangan A, Sebestyen G. Trustworthiness in Resource-Constrained IoT: Review and Taxonomy of Privacy-Enhancing Technologies and Anomaly Detection. Telecom. 2026; 7(1):10. https://doi.org/10.3390/telecom7010010

Chicago/Turabian Style

Neagu, Madalin, Codruta Maria Serban, Anca Hangan, and Gheorghe Sebestyen. 2026. "Trustworthiness in Resource-Constrained IoT: Review and Taxonomy of Privacy-Enhancing Technologies and Anomaly Detection" Telecom 7, no. 1: 10. https://doi.org/10.3390/telecom7010010

APA Style

Neagu, M., Serban, C. M., Hangan, A., & Sebestyen, G. (2026). Trustworthiness in Resource-Constrained IoT: Review and Taxonomy of Privacy-Enhancing Technologies and Anomaly Detection. Telecom, 7(1), 10. https://doi.org/10.3390/telecom7010010

Article Metrics

Article metric data becomes available approximately 24 hours after publication online.
Back to TopTop