A survey of security and privacy issues in the Internet of Things from the layered context

Internet of Things (IoT) is a novel paradigm, which not only facilitates a large number of devices to be ubiquitously connected over the Internet but also provides a mechanism to remotely control these devices. The IoT is pervasive and is almost an integral part of our daily life. As devices are becoming increasingly connected, privacy and security issues become more and more critical and these need to be addressed on an urgent basis. IoT implementations and devices are eminently prone to threats that could compromise the security and privacy of the consumers, which, in turn, could influence its practical deployment. In recent past, some research has been carried out to secure IoT devices with an intention to alleviate the security concerns of users. The purpose of this paper is to highlight the security and privacy issues in IoT systems. To this effect, the paper examines the security issues at each layer in the IoT protocol stack, identifies the underlying challenges and key security requirements and provides a brief overview of existing security solutions to safeguard the IoT from the layered context.

[1]  Manas Ranjan Patra,et al.  Cloud Computing: Security Issues and Research Challenges , 2011 .

[2]  Ali Kashif Bashir,et al.  Energy Efficient In-network RFID Data Filtering Scheme in Wireless Sensor Networks , 2011, Sensors.

[3]  Manik Lal Das,et al.  RFID security in the context of "internet of things" , 2012, SecurIT '12.

[4]  Lin Li,et al.  Research on PKI-like Protocol for the Internet of Things , 2013, 2013 Fifth International Conference on Measuring Technology and Mechatronics Automation.

[5]  Lei Pan,et al.  Practical overview of security issues in wireless sensor network applications , 2017 .

[6]  Ali Kashif Bashir,et al.  A Survey on Resource Management in IoT Operating Systems , 2018, IEEE Access.

[7]  Thiemo Voigt,et al.  SVELTE: Real-time intrusion detection in the Internet of Things , 2013, Ad Hoc Networks.

[8]  Sarah Abdallah,et al.  Identity-based authentication scheme for the Internet of Things , 2016, 2016 IEEE Symposium on Computers and Communication (ISCC).

[9]  Murad Khan,et al.  Internet of Things: A Comprehensive Review of Enabling Technologies, Architecture, and Challenges , 2018 .

[10]  Sudhir T. Bagade,et al.  Internet of Things: Architecture, Security Issues and Countermeasures , 2015 .

[11]  Athanasios V. Vasilakos,et al.  Security of the Internet of Things: perspectives and challenges , 2014, Wireless Networks.

[12]  Xi Zheng,et al.  Security analysis of modern mission critical android mobile applications , 2017, ACSW.

[13]  Sathish Alampalayam Kumar,et al.  Security in Internet of Things: Challenges, Solutions and Future Directions , 2016, 2016 49th Hawaii International Conference on System Sciences (HICSS).

[14]  Smruti R. Sarangi,et al.  Internet of Things: Architectures, Protocols, and Applications , 2017, J. Electr. Comput. Eng..

[15]  Ricardo Neisse,et al.  Enforcement of security policy rules for the Internet of Things , 2014, 2014 IEEE 10th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[16]  Alireza Jolfaei,et al.  Preserving the confidentiality of digital images using a chaotic encryption scheme , 2015, Int. J. Electron. Secur. Digit. Forensics.

[17]  Krishna Kant,et al.  A Lightweight Integrity Protection Scheme for Fast Communications in Smart Grid , 2017, SECRYPT.

[18]  Alireza Jolfaei,et al.  Impact of Rotations in the Salsa20/8 Image Encryption Scheme , 2011 .

[19]  Khaled Salah,et al.  IoT security: Review, blockchain solutions, and open challenges , 2017, Future Gener. Comput. Syst..

[20]  Christine Julien,et al.  Efficient and Scalable Runtime Monitoring for Cyber–Physical System , 2018, IEEE Systems Journal.

[21]  Arwa Alrawais,et al.  Fog Computing for the Internet of Things: Security and Privacy Issues , 2017, IEEE Internet Computing.

[22]  Yong Huang,et al.  A Hybrid Method Combining Markov Prediction and Fuzzy Classification for Driving Condition Recognition , 2018, IEEE Transactions on Vehicular Technology.

[23]  Elisa Bertino,et al.  Robust Multi-Factor Authentication for Fragile Communications , 2014, IEEE Transactions on Dependable and Secure Computing.

[24]  Sherali Zeadally,et al.  Network layer inter-operation of Device-to-Device communication technologies in Internet of Things (IoT) , 2017, Ad Hoc Networks.

[25]  Namje Park,et al.  Mutual Authentication Scheme in Secure Internet of Things Technology for Comfortable Lifestyle , 2015, Sensors.

[26]  Muneer Bani Yassein,et al.  Application layer protocols for the Internet of Things: A survey , 2016, 2016 International Conference on Engineering & MIS (ICEMIS).

[27]  Lynn Batten,et al.  Cyber security attacks to modern vehicular systems , 2017, J. Inf. Secur. Appl..

[28]  Luca Veltri,et al.  IoT-OAS: An OAuth-Based Authorization Service Architecture for Secure Services in IoT Scenarios , 2015, IEEE Sensors Journal.

[29]  Sarmad Ullah Khan,et al.  Future Internet: The Internet of Things Architecture, Possible Applications and Key Challenges , 2012, 2012 10th International Conference on Frontiers of Information Technology.

[30]  Xinyu Yang,et al.  A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications , 2017, IEEE Internet of Things Journal.

[31]  Klaus Wehrle,et al.  Towards viable certificate-based authentication for the internet of things , 2013, HotWiSec '13.

[32]  Xi Zheng,et al.  A Testbed for Security Analysis of Modern Vehicle Systems , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[33]  Ning Zhang,et al.  SoProtector: Securing Native C/C++ Libraries for Mobile Applications , 2018, ICA3PP.

[34]  Xi Zheng,et al.  A survey on security issues in services communication of Microservices‐enabled fog applications , 2019, Concurr. Comput. Pract. Exp..

[35]  Joonsang Baek,et al.  Lightweight Encryption for Smart Home , 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[36]  Jiafu Wan,et al.  Security in the Internet of Things: A Review , 2012, 2012 International Conference on Computer Science and Electronics Engineering.

[37]  Jia-Lun Tsai,et al.  A Privacy-Aware Authentication Scheme for Distributed Mobile Cloud Computing Services , 2015, IEEE Systems Journal.

[38]  Kai Zhao,et al.  A Survey on the Internet of Things Security , 2013, 2013 Ninth International Conference on Computational Intelligence and Security.

[39]  Gianluca Dini,et al.  MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention , 2018, IEEE Transactions on Dependable and Secure Computing.

[40]  Christine Julien,et al.  Verification and Validation in Cyber Physical Systems: Research Challenges and a Way Forward , 2015, 2015 IEEE/ACM 1st International Workshop on Software Engineering for Smart Cyber-Physical Systems.

[41]  Anjali Sardana,et al.  Identity management framework for cloud based internet of things , 2012, SecurIT '12.

[42]  Nakka Ravi Kumar A Review of Low-Power VLSI Technology Developments , 2018 .

[43]  Hu Tao,et al.  Preference-Based Privacy Protection Mechanism for the Internet of Things , 2010, 2010 Third International Symposium on Information Science and Engineering.

[44]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.

[45]  Rolf H. Weber,et al.  Internet of things: Privacy issues revisited , 2015, Comput. Law Secur. Rev..

[46]  Arkady B. Zaslavsky,et al.  Service-Mediated On-Road Situation-Awareness for Group Activity Safety , 2017, MobiQuitous.

[47]  Christine Julien,et al.  BraceAssertion: Runtime Verification of Cyber-Physical Systems , 2015, 2015 IEEE 12th International Conference on Mobile Ad Hoc and Sensor Systems.

[48]  Ludwig Seitz,et al.  Authorization framework for the Internet-of-Things , 2013, 2013 IEEE 14th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[49]  Yao Zhang,et al.  A novel efficient MAKA protocol with desynchronization for anonymous roaming service in Global Mobility Networks , 2018, J. Netw. Comput. Appl..

[50]  Sutharshan Rajasegarar,et al.  Detection of Smoking Events from Confounding Activities of Daily Living , 2019, ACSW.

[51]  Wen Hu,et al.  Poster: Towards Encrypted Query Processing for the Internet of Things , 2015, MobiCom.

[52]  Xi Zheng,et al.  Investigating Security Vulnerabilities in Modern Vehicle Systems , 2016, ATIS.

[53]  Christine Julien,et al.  Perceptions on the State of the Art in Verification and Validation in Cyber-Physical Systems , 2017, IEEE Systems Journal.

[54]  Yao Zhang,et al.  CSP-E2: An abuse-free contract signing protocol with low-storage TTP for energy-efficient electronic transaction ecosystems , 2019, Inf. Sci..

[55]  Panwit Tuwanut,et al.  A survey on internet of things architecture, protocols, possible applications, security, privacy, real-world implementation and future trends , 2015, 2015 IEEE 16th International Conference on Communication Technology (ICCT).

[56]  Ibrar Yaqoob,et al.  Big IoT Data Analytics: Architecture, Opportunities, and Open Research Challenges , 2017, IEEE Access.

[57]  Wanlei Zhou,et al.  E-AUA: An Efficient Anonymous User Authentication Protocol for Mobile IoT , 2019, IEEE Internet of Things Journal.

[58]  David E. Culler,et al.  Transmission of IPv6 Packets over IEEE 802.15.4 Networks , 2007, RFC.

[59]  Jinjun Chen,et al.  Threats to Networking Cloud and Edge Datacenters in the Internet of Things , 2016, IEEE Cloud Computing.

[60]  G. Padmavathi,et al.  A Survey of Attacks, Security Mechanisms and Challenges in Wireless Sensor Networks , 2009, ArXiv.

[61]  HuangXinyi,et al.  An overview of Fog computing and its security issues , 2016 .

[62]  Robert John Walters,et al.  Fog Computing and the Internet of Things: A Review , 2018, Big Data Cogn. Comput..

[63]  Yingyuan Xiao,et al.  An algorithm on fairness verification of mobile sink routing in wireless sensor network , 2013, Personal and Ubiquitous Computing.

[64]  Imrich Chlamtac,et al.  Internet of things: Vision, applications and research challenges , 2012, Ad Hoc Networks.

[65]  Valery V. Korotaev,et al.  A Reference Model for Internet of Things Middleware , 2018, IEEE Internet of Things Journal.

[66]  Rodrigo Roman,et al.  On the Vital Areas of Intrusion Detection Systems in Wireless Sensor Networks , 2013, IEEE Communications Surveys & Tutorials.

[67]  Utz Roedig,et al.  Securing communication in 6LoWPAN with compressed IPsec , 2011, 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS).

[68]  Jonathan Charity Talwana,et al.  Smart World of Internet of Things (IoT) and Its Security Concerns , 2016, 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[69]  Antonio Puliafito,et al.  Blockchain and IoT Integration: A Systematic Survey , 2018, Sensors.

[70]  Xi Zheng Physically informed assertions for cyber physical systems development and debugging , 2014, 2014 IEEE International Conference on Pervasive Computing and Communication Workshops (PERCOM WORKSHOPS).

[71]  Christine Julien,et al.  Brace: assertion-driven development of cyber-physical systems applications , 2013 .

[72]  Lisandro Zambenedetti Granville,et al.  A DTLS-based security architecture for the Internet of Things , 2015, 2015 IEEE Symposium on Computers and Communication (ISCC).

[73]  Andrei V. Gurtov,et al.  PAuthKey: A Pervasive Authentication Protocol and Key Establishment Scheme for Wireless Sensor Networks in Distributed IoT Applications , 2014, Int. J. Distributed Sens. Networks.

[74]  Azzam Sleit,et al.  Authentication Techniques for the Internet of Things: A Survey , 2016, 2016 Cybersecurity and Cyberforensics Conference (CCC).

[75]  Marko Hölbl,et al.  A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion , 2014, Ad Hoc Networks.

[76]  Kouichi Sakurai,et al.  A new security middleware architecture based on fog computing and cloud to support IoT constrained devices , 2017, IML.

[77]  Rolf H. Weber,et al.  Internet of things - Need for a new legal environment? , 2009, Comput. Law Secur. Rev..

[78]  Jong Hyuk Park,et al.  Advanced lightweight encryption algorithms for IoT devices: survey, challenges and solutions , 2017, J. Ambient Intell. Humaniz. Comput..

[79]  Christine Julien,et al.  Real-Time Simulation Support for Runtime Verification of Cyber-Physical Systems , 2017, ACM Trans. Embed. Comput. Syst..

[80]  Carlo Maria Medaglia,et al.  Building Blocks of the Internet of Things: State of the Art and Beyond , 2011 .

[81]  F. Cassez,et al.  Efficient and Scalable Runtime Monitoring for CyberPhysical System , 2018 .

[82]  Xinyi Huang,et al.  A matrix-based cross-layer key establishment protocol for smart homes , 2018, Inf. Sci..

[83]  Krishna Kant,et al.  Privacy and Security of Connected Vehicles in Intelligent Transportation System , 2019, 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Supplemental Volume (DSN-S).

[84]  Nikita Chavhan,et al.  False Data Detection in Wireless Sensor Network with Secure communication , 2011 .

[85]  Dhananjay Singh,et al.  A survey of Internet-of-Things: Future vision, architecture, challenges and services , 2014, 2014 IEEE World Forum on Internet of Things (WF-IoT).

[86]  S. P. Raja,et al.  Internet of Things: Challenges, Issues and Applications , 2018, J. Circuits Syst. Comput..

[87]  Arun Somani,et al.  Distributed fault detection of wireless sensor networks , 2006, DIWANS '06.

[88]  Xiaopei Wu,et al.  Driver Drowsiness Detection Using Multi-Channel Second Order Blind Identifications , 2019, IEEE Access.

[89]  Ramesh Karri,et al.  Hardware and embedded security in the context of internet of things , 2013, CyCAR '13.

[90]  Jörg Daubert,et al.  On the Security and Privacy of Internet of Things Architectures and Systems , 2015, 2015 International Workshop on Secure Internet of Things (SIoT).

[91]  Xin-Wen Wu,et al.  A Secure Lightweight Texture Encryption Scheme , 2015, PSIVT Workshops.

[92]  Abdolrasoul Mirghadri,et al.  Substitution-permutation based image cipher using chaotic Henon and Baker’s maps , 2011 .

[93]  Robert Green,et al.  Communication security in internet of thing: preventive measure and avoid DDoS attack over IoT network , 2015, SpringSim.

[94]  Ali Kashif Bashir,et al.  Quality of Service Provisioning for Heterogeneous Services in Cognitive Radio-Enabled Internet of Things , 2020, IEEE Transactions on Network Science and Engineering.

[95]  Yannan Li,et al.  Blockchain-Based Solutions to Security and Privacy Issues in the Internet of Things , 2018, IEEE Wireless Communications.

[96]  Sutharshan Rajasegarar,et al.  Non-invasive sensor based automated smoking activity detection , 2017, 2017 39th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC).

[97]  B. B. Gupta,et al.  Security in Internet of Things: issues, challenges, taxonomy, and architecture , 2017, Telecommunication Systems.

[98]  Ivan Stojmenovic,et al.  An overview of Fog computing and its security issues , 2016, Concurr. Comput. Pract. Exp..

[99]  Valérie Issarny,et al.  Automated synthesis of mediators for middleware-layer protocol interoperability in the IoT , 2019, Future Gener. Comput. Syst..

[100]  Steven J. Vaughan-Nichols Mobile IPv6 and the Future of Wireless Internet Access , 2003, Computer.

[101]  Myung-Ki Shin,et al.  Transmission of IPv6 Packets over IEEE 802.16 , 2006 .

[102]  Utz Roedig,et al.  Demo abstract: Securing communication in 6LoWPAN with compressed IPsec , 2011, 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS).

[103]  Christine Julien,et al.  Braceassertion: behavior-driven development for cps application , 2014 .

[104]  Ali Kashif Bashir,et al.  Generalized PVO‐based dynamic block reversible data hiding for secure transmission using firefly algorithm , 2019 .