Securing the Internet of Things: A Meta-Study of Challenges, Approaches, and Open Problems

The Internet of Things (IoT) is becoming a key infrastructure for the development of smart ecosystems. However, the increased deployment of IoT devices with poor security has already rendered them increasingly vulnerable to cyber attacks. In some cases, they can be used as a tool for committing serious crimes. Although some researchers have already explored such issues in the IoT domain and provided solutions for them, there remains the need for a thorough analysis of the challenges, solutions, and open problems in this domain. In this paper, we consider this research gap and provide a systematic analysis of the security issues of IoT-based systems. Then, we discuss certain existing research projects that aim to resolve these security issues. Finally, we highlight a set of open problems and provide a detailed description of each. We posit that our systematic approach to understanding the nature and challenges of IoT security will motivate researchers to address and solve these problems.
