A Critical Analysis on the Security Architectures of Internet of Things: The Road Ahead

Abstract Internet of Things (IoT) has been a most important research area for almost a decade now, where a huge network of billions or trillions of “things” communicating with one another is facing many technical and application challenges. Although there are many uncertainties about its security and privacy, the literature presents different techniques to handle the security issues and challenges in order to develop a well-defined security architecture. This paper reviews 50 research papers that are related to the security of IoT. The security techniques were classified with respect to time consumption, energy consumption, power consumption, lightweight property, reliability, robustness, and smart applicability. Also, the security techniques were analyzed based on the considered attacks, application, utilized simulation tool, security model, and attributes. The objective of the survey is focused on the security loopholes arising out of the information exchange technologies used in IoT. Finally, the important research issues are addressed for the researchers to find the way for further research in the security of IoT. The survey signifies that multilevel and mutual authentication based on attribute-based profile modeling bring more security for access control and authentication.

[1]  Yacine Challal,et al.  A Systemic Approach for IoT Security , 2013, 2013 IEEE International Conference on Distributed Computing in Sensor Systems.

[2]  Chen Liang,et al.  LRMAPC: A Lightweight RFID Mutual Authentication Protocol with Cache in the Reader for IoT , 2014, 2014 IEEE International Conference on Computer and Information Technology.

[3]  Muhammad Waseem,et al.  A Critical Analysis on the Security Concerns of Internet of Things (IoT) , 2015 .

[4]  Andrzej Duda,et al.  OSCAR: Object security architecture for the Internet of Things , 2014, Proceeding of IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks 2014.

[5]  Pascal Urien LLCPS: A new security framework based on TLS for NFC P2P applications in the Internet of Things , 2013, 2013 IEEE 10th Consumer Communications and Networking Conference (CCNC).

[6]  Xingming Sun,et al.  An Anonymity and Authentication Mechanism for Internet of Things , 2011 .

[7]  Alexis Olivereau,et al.  Trustworthy Infrastructure Services for a Secure and Privacy-Respecting Internet of Things , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[8]  Weiming Wu,et al.  A light-weight mutual authentication protocol for ISO 18000-6B standard RFID system , 2009, 2009 IEEE International Conference on Communications Technology and Applications.

[9]  Jari Veijalainen,et al.  Security and privacy threats in IoT architectures , 2012, BODYNETS.

[10]  Nik Bessis,et al.  An Autonomic Agent Trust Model for IoT systems , 2013, EUSPN/ICTH.

[11]  Habtamu Abie,et al.  Metrics-driven security objective decomposition for an e-health application with adaptive security management , 2013, ASPI '13.

[12]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[13]  Kwangjo Kim,et al.  Toward an Inverse-free Lightweight Encryption Scheme for IoT , 2014 .

[14]  David Lake,et al.  Internet of Things: Architectural Framework for eHealth Security , 2014, J. ICT Stand..

[15]  Wen Hu,et al.  Poster: Towards Encrypted Query Processing for the Internet of Things , 2015, MobiCom.

[16]  Nai Fovino Igor,et al.  Dynamic Context-Aware Scalable and Trust-based IoT Security, Privacy Framework , 2014 .

[17]  Bo Hu,et al.  A Vision of IoT: Applications, Challenges, and Opportunities With China Perspective , 2014, IEEE Internet of Things Journal.

[18]  Xiaohui Liang,et al.  CPAL: A Conditional Privacy-Preserving Authentication With Access Linkability for Roaming Service , 2014, IEEE Internet of Things Journal.

[19]  Sherali Zeadally,et al.  An Analysis of RFID Authentication Schemes for Internet of Things in Healthcare Environment Using Elliptic Curve Cryptography , 2015, IEEE Internet of Things Journal.

[20]  Xuemin Shen,et al.  A light weight authentication scheme for mobile wireless Internet applications , 2003, 2003 IEEE Wireless Communications and Networking, 2003. WCNC 2003..

[21]  Noël Crespi,et al.  DPWSim: A Devices Profile for Web Services (DPWS) Simulator , 2015, IEEE Internet of Things Journal.

[22]  Ramjee Prasad,et al.  Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things , 2012, J. Cyber Secur. Mobil..

[23]  Pascal Urien,et al.  LLCPS: A new secure model for Internet of Things services based on the NFC P2P model , 2014, 2014 IEEE Ninth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP).

[24]  Yan Ling Zhao,et al.  Research on Data Security Technology in Internet of Things , 2013 .

[25]  Michele Zorzi,et al.  BlinkToSCoAP: An end-to-end security framework for the Internet of Things , 2015, 2015 7th International Conference on Communication Systems and Networks (COMSNETS).

[26]  Laurence T. Yang,et al.  Aggregated-Proof Based Hierarchical Authentication Scheme for the Internet of Things , 2015, IEEE Transactions on Parallel and Distributed Systems.

[27]  Chirag M. Shah,et al.  Smart Security Solutions based on Internet of Things (IoT) , 2014 .

[28]  Namje Park,et al.  Mobile middleware platform for secure vessel traffic system in IoT service environment , 2016, Secur. Commun. Networks.

[29]  Juan E. Tapiador,et al.  Probabilistic yoking proofs for large scale IoT systems , 2015, Ad Hoc Networks.

[30]  Hannu Tenhunen,et al.  International Conference on Ambient Systems , Networks and Technologies ( ANT 2015 ) SEA : A Secure and E ffi cient Authentication and Authorization Architecture for IoT-Based Healthcare Using Smart Gateways , 2015 .

[31]  Mukul Panwar,et al.  Security for IoT: An effective DTLS with public certificates , 2015, 2015 International Conference on Advances in Computer Engineering and Applications.

[32]  Jingcheng Wang,et al.  A novel mutual authentication scheme for Internet of Things , 2011, Proceedings of 2011 International Conference on Modelling, Identification and Control.

[33]  Jiming Chen,et al.  Smart community: an internet of things application , 2011, IEEE Communications Magazine.

[34]  Daniele Miorandi,et al.  A secure and quality-aware prototypical architecture for the Internet of Things , 2016, Inf. Syst..

[35]  Xiangjian He,et al.  A Robust Authentication Scheme for Observing Resources in the Internet of Things Environment , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.

[36]  Roksana Boreli,et al.  Network-level security and privacy control for smart-home IoT devices , 2015, 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[37]  Georg Carle,et al.  A DTLS based end-to-end security architecture for the Internet of Things with two-way authentication , 2012, 37th Annual IEEE Conference on Local Computer Networks - Workshops.

[38]  Alessandro Neri,et al.  A federated architecture approach for Internet of Things security , 2014, 2014 Euro Med Telco Conference (EMTC).

[39]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[40]  Jianbo Liu,et al.  HB-MAP Protocol: A New Secure Bidirectional Light-Wight Authentication Protocol of HB , 2012, ICEBE.

[41]  Saru Kumari,et al.  An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment , 2016, Ad Hoc Networks.

[42]  Liang Zhou,et al.  Multimedia traffic security architecture for the internet of things , 2011, IEEE Network.

[43]  Jingcheng Wang,et al.  An improved mutual authentication and key update scheme for Multi-Hop Relay in internet of things , 2012, 2012 7th IEEE Conference on Industrial Electronics and Applications (ICIEA).

[44]  Zhi Chen,et al.  A lightweight attribute-based encryption scheme for the Internet of Things , 2015, Future Gener. Comput. Syst..

[45]  Antonio F. Gómez-Skarmeta,et al.  Towards a Lightweight Authentication and Authorization Framework for Smart Objects , 2014 .

[46]  Hannes Tschofenig,et al.  Securing the Internet of Things: A Standardization Perspective , 2014, IEEE Internet of Things Journal.

[47]  Elias Z. Tragos,et al.  RERUM: Building a reliable IoT upon privacy- and security- enabled smart objects , 2014, 2014 IEEE Wireless Communications and Networking Conference Workshops (WCNCW).

[48]  Habtamu Abie,et al.  Towards Run-Time Verification of Adaptive Security for IoT in eHealth , 2014, ECSAW '14.

[49]  Alessandro Neri,et al.  Security Access Protocols in IoT Networks with Heterogenous Non-IP Terminals , 2014, 2014 IEEE International Conference on Distributed Computing in Sensor Systems.

[50]  Victor C. M. Leung,et al.  Fast and Secure Reauthentications for 3GPP Subscribers during WiMAX-WLAN Handovers , 2011, IEEE Transactions on Dependable and Secure Computing.

[51]  Nicola Bui,et al.  Low power link layer security for IoT: Implementation and performance analysis , 2013, 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC).

[52]  Davor Svetinovic,et al.  A taxonomy of security and privacy requirements for the Internet of Things (IoT) , 2014, 2014 IEEE International Conference on Industrial Engineering and Engineering Management.

[53]  Sugata Sanyal,et al.  An Introduction , 1998 .

[54]  Imrich Chlamtac,et al.  Internet of things: Vision, applications and research challenges , 2012, Ad Hoc Networks.