Top

Wireless Personal Communications

Published in:

24-04-2019

A Review of Security in Internet of Things

Authors: Yasmine Harbi, Zibouda Aliouat, Saad Harous, Abdelhak Bentaleb, Allaoua Refoufi

Published in: Wireless Personal Communications | Issue 1/2019

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Internet of Things (IoT) has drawn significant attention in recent years since it has made revolutionary changes in human life. The IoT enables the exchange of information in a wide variety of applications such as smart buildings, smart health, smart transport, and so on. These diverse application domains can be unified into a single entity referred as smart life. The rapid evolution of the IoT has pushed a race between cyber-criminals and security experts. As billions of connected things communicate with each other and can exchange sensitive information that may be leaked. Hence, strengthening IoT’s security and preserving users’ privacy is a major challenge. This paper aims to provide a comprehensive study of the IoT security. Several IoT security attacks are analyzed, and a taxonomy of the security requirements based on the attacks’ purposes is proposed. Moreover, recent security solutions are described and classified based on their application domains. Finally, open research directions and security challenges are discussed.

previous article Energy Efficiency Optimization for Relay Deployment in Multi-User LTE-Advanced Networks

next article Interoperability in Heterogeneous Wireless Networks Using FIS-ENN Vertical Handover Model

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions. Future Generation Computer Systems, 29(7), 1645.CrossRef

Yan, Z., Zhang, P., & Vasilakos, A. V. (2014). A survey on trust management for Internet of Things. Journal of Network and Computer Applications, 42, 120.CrossRef

Saif, I., Peasley, S., & Perinkolam, A. (2015). Safeguarding the Internet of Things: Being secure, vigilant, and resilient in the connected age. Deloitte Review, 17. https://www2.deloitte.com/insights/us/en/deloitte-review/issue-17/internet-of-things-data-security-and-privacy.html.

Vermesan, O., & Friess, P. (2013). Internet of Things: Converging technologies for smart environments and integrated ecosystems. Aalborg: River Publishers.

Singh, S., & Singh, N. (2015). In 2015 International conference on Green computing and Internet of Things (ICGCIoT) (pp. 1577–1581). IEEE.

Borgohain, T., Kumar, U., & Sanyal, S. (2015). Survey of security and privacy issues of Internet of Things. arXiv preprint arXiv:1501.02211.

Jing, Q., Vasilakos, A. V., Wan, J., Lu, J., & Qiu, D. (2014). Security of the Internet of Things: Perspectives and challenges. Wireless Networks, 20(8), 2481.CrossRef

Cesare, S. (2014). Breaking the security of physical devices. Presentation at Blackhat, 14. http://regmedia.co.uk/2014/08/06/dfgvhbhjkui867ujk5ytghj.pdf.

Andrea, I., Chrysostomou, C., & Hadjichristofi, G. (2015). In 2015 IEEE symposium on computers and communication (ISCC) (pp. 180–187). IEEE.

10.

Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and Internet of Things: A survey. Future Generation Computer Systems, 56, 684.CrossRef

11.

Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., & Ayyash, M. (2015). Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys & Tutorials, 17(4), 2347.CrossRef

12.

Bormann, C., Castellani, A. P., & Shelby, Z. (2012). Coap: An application protocol for billions of tiny internet nodes. IEEE Internet Computing, 16(2), 62.CrossRef

13.

Rghioui, A., Bouhorma, M., & Benslimane, A. (2013). In 2013 5th International conference on information and communication technology for the Muslim world (ICT4M) (pp. 1–5). IEEE.

14.

Ullah, S., Ali, M., Hussain, A. & Kwak, K. S. (2009). Applications of UWB technology. arXiv preprint arXiv:0911.1681.

15.

Madlmayr, G., Langer, J., Kantner, C., & Scharinger, J. (2008). In Third international conference on availability, reliability and security, 2008. ARES 08 (pp. 642–647). IEEE.

16.

Curran, K., Millar, A., & Garvey, C. Mc. (2012). Near field communication. International Journal of Electrical and Computer Engineering, 2(3), 371.

17.

Cole, P. H., & Ranasinghe, D. C. (2007). Networked RFID Systems & lightweight cryptography. Berlin: Springer.

18.

Eisenbarth, T., & Kumar, S. (2007). A survey of lightweight-cryptography implementations. IEEE Design & Test of Computers, 24(6), 522–533.CrossRef

19.

Sfar, A. R., Natalizio, E., Challal, Y., & Chtourou, Z. (2017). A roadmap for security challenges in the Internet of Things. Digital Communications and Networks, 4, 118–137.CrossRef

20.

Mendez, D. M., Papapanagiotou, I., & Yang, B. (2017). Internet of Things: Survey on security and privacy. arXiv preprint arXiv:1707.01879.

21.

Yang, Y., Wu, L., Yin, G., Li, L., & Zhao, H. (2017). A survey on security and privacy issues in Internet-of-Things. IEEE Internet of Things Journal, 4(5), 1250.CrossRef

22.

Chahid, Y., Benabdellah, M., & Azizi, A. (2017). In 2017 International conference on wireless technologies, embedded and intelligent systems (WITS) (pp. 1–6). IEEE.

23.

Oracevic, A., Dilek, S., & Ozdemir, S. (2017). In 2017 International symposium on networks, computers and communications (ISNCC) (pp. 1–6). IEEE.

24.

Alaba, F. A., Othman, M., Hashem, I. A. T., & Alotaibi, F. (2017). Internet of things security: A survey. Journal of Network and Computer Applications, 88, 10.CrossRef

25.

Razzaq, M. A., Gill, S. H., Qureshi, M. A., & Ullah, S. (2017). Security issues in the Internet of Things (IoT): A comprehensive study. International Journal of Advanced Computer Science and Applications, 8(6), 383.

26.

Riahi, A., Natalizio, E., Challal, Y., Mitton, N., & Iera, A. (2014). In 2014 International conference on computing, networking and communications (ICNC) (pp. 183–188). IEEE.

27.

Ronen, E., & Shamir, A. (2016). In 2016 IEEE European symposium on security and privacy (EuroS&P) (pp. 3–12). IEEE.

28.

Zhao, K., & Ge, L. (2013). In 2013 9th International conference on computational intelligence and security (CIS) (pp. 663–667). IEEE.

29.

Perrig, A., Stankovic, J., & Wagner, D. (2004). Security in wireless sensor networks. Communications of the ACM, 47(6), 53.CrossRef

30.

Mo, Y., & Sinopoli, B. (2009). In 47th Annual Allerton conference on communication, control, and computing, 2009. Allerton 2009 (pp. 911–918). IEEE.

31.

Soni, V., Modi, P., & Chaudhri, V. (2013). Detecting sinkhole attack in wireless sensor network. International Journal of Application or Innovation in Engineering & Management, 2(2), 29.

32.

Lee, P., Clark, A., Bushnell, L., & Poovendran, R. (2014). A passivity framework for modeling and mitigating wormhole attacks on networked control systems. IEEE Transactions on Automatic Control, 59(12), 3224.MathSciNetMATHCrossRef

33.

Yang, X., He, X., Yu, W., Lin, J., Li, R., Yang, Q., et al. (2015). Towards a low-cost remote memory attestation for the smart grid. Sensors, 15(8), 20799.CrossRef

34.

Mpitziopoulos, A., Gavalas, D., Konstantopoulos, C., & Pantziou, G. (2009). A survey on jamming attacks and countermeasures in WSNs. IEEE Communications Surveys & Tutorials, 11(4), 42–56.CrossRef

35.

Ghafir, I., Prenosil, V., Alhejailan, A., & Hammoudeh, M. (2016). In 2016 IEEE 4th international conference on future Internet of Things and cloud (FiCloud) (pp. 145–149). IEEE.

36.

Lin, J., Yu, W., Zhang, N., Yang, X., Zhang, H., & Zhao, W. (2017). A survey on Internet of Things: Architecture, enabling technologies, security and privacy, and applications. IEEE Internet of Things Journal, 4(5), 1125.CrossRef

37.

Padhy, R. P., Patra, M. R., & Satapathy, S. C. (2011). Cloud computing: Security issues and research challenges. International Journal of Computer Science and Information Technology & Security (IJCSITS), 1(2), 136.

38.

Nawir, M., Amir, A., Yaakob, N., & Lynn, O. B. (2016). In 2016 3rd International conference on electronic design (ICED) (pp. 321–326). IEEE.

39.

Alsaadi, E., & Tubaishat, A. (2015). Internet of Things: Features, challenges, and vulnerabilities. International Journal of Advanced Computer Science and Information Technology, 4(1), 1.

40.

Misra, S., Krishna, P. V., Agarwal, H., Saxena, A., & Obaidat, M. S. (2011). In 2011 International conference on Internet of Things (iThings/CPSCom) and 4th international conference on cyber, physical and social computing (pp. 114–122). IEEE.

41.

Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed Internet of Things. Computer Networks, 57(10), 2266.CrossRef

42.

Khoo, B. (2011). In 2011 International conference on Internet of Things (iThings/CPSCom) and 4th international conference on cyber, physical and social computing (pp. 709–712). IEEE.

43.

Thakur, B. S., & Chaudhary, S. (2013). Content sniffing attack detection in client and server side: A survey. International Journal of Advanced Computer Research, 3(2), 7.

44.

Mitrokotsa, A., Rieback, M. R., & Tanenbaum, A. S. (2010). Classifying rfid attacks and defenses. Information Systems Frontiers, 12(5), 491.CrossRef

45.

Laurie, A. (2007). Practical attacks against RFID. Network Security, 2007(9), 4.CrossRef

46.

Sushma, D. N., & Nandal, V. (2011). Security threats in wireless sensor networks. IJCSMS International Journal of Computer Science & Management Studies, 11(01), 59.

47.

Zhang, K., Liang, X., Lu, R., & Shen, X. (2014). Sybil attacks and their defenses in the Internet of Things. IEEE Internet of Things Journal, 1(5), 372.CrossRef

48.

Jagatic, T. N., Johnson, N. A., Jakobsson, M., & Menczer, F. (2007). Social phishing. Communications of the ACM, 50(10), 94.CrossRef

49.

Zhang, J., Gu, D., Guo, Z., & Zhang, L. (2010). In 2010 3rd International conference on advanced computer theory and engineering (ICACTE) (Vol. 6, pp. V6–61). IEEE.

50.

Heer, T., Garcia-Morchon, O., Hummen, R., Keoh, S. L., Kumar, S. S., & Wehrle, K. (2011). Security challenges in the IP-based Internet of Things. Wireless Personal Communications, 61(3), 527.CrossRef

51.

Hossain, M. M., Fotouhi, M., & Hasan, R. (2015). In 2015 IEEE world congress on services (SERVICES) (pp. 21–28). IEEE.

52.

Miorandi, D., Sicari, S., De Pellegrini, F., & Chlamtac, I. (2012). Internet of things: Vision, applications and research challenges. Ad Hoc Networks, 10(7), 1497.CrossRef

53.

Alam, S., Chowdhury, M. M., & Noll, J. (2011). Interoperability of security-enabled Internet of Things. Wireless Personal Communications, 61(3), 567.CrossRef

54.

Babar, S., Stango, A., Prasad, N., Sen, J., & Prasad, R. (2011). In 2011 2nd International conference on wireless communication, vehicular technology, information theory and aerospace & electronic systems technology (Wireless VITAE) (pp. 1–5). IEEE.

55.

Singh, J., Pasquier, T., Bacon, J., Ko, H., & Eyers, D. (2016). Twenty security considerations for cloud-supported Internet of Things. IEEE Internet of Things Journal, 3(3), 269.CrossRef

56.

Weber, R. H. (2015). Internet of Things: Privacy issues revisited. Computer Law & Security Review, 31(5), 618.CrossRef

57.

Misra, S., Maheswaran, M., & Hashmi, S. (2017). Security challenges and approaches in Internet of Things. Berlin: Springer.CrossRef

58.

Sweeney, L. (2002). k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(05), 557.MathSciNetMATHCrossRef

59.

Machanavajjhala, A., Gehrke, J., Kifer, D., & Venkitasubramaniam, M. (2006). In Proceedings of the 22nd international conference on data engineering, 2006. ICDE’06 (pp. 24–24). IEEE.

60.

Li, N., Li, T., & Venkatasubramanian, S. (2007). In IEEE 23rd international conference on data engineering, 2007. ICDE 2007 (pp. 106–115). IEEE.

61.

Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2009). LAMED: A PRNG for EPC class-1 generation-2 RFID specification. Computer Standards & Interfaces, 31(1), 88.CrossRef

62.

Melia-Segui, J., Garcia-Alfaro, J., & Herrera-Joancomarti, J. (2010). In International conference on financial cryptography and data security (pp. 34–46). Springer.

63.

Mandal, K., Fan, X., & Gong, G. (2013). Warbler: A lightweight pseudorandom number generator for EPC C1 Gen2 passive RFID tags. International Journal of RFID Security and Cryptography, 2, 82.CrossRef

64.

Mace, F., Standaert, F. X., Quisquater, J. J., et al. (2007). In Proceedings of the third international conference on RFID security-RFIDSec (pp. 103–114).

65.

Gong, Z., Nikova, S., & Law, Y. W. (2011). In International workshop on radio frequency identification: Security and privacy issues (pp. 1–18). Springer.

66.

Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., & Wingers, L. (2015). Simon and speck: Block ciphers for the Internet of Things. IACR Cryptology ePrint Archive, 2015, 585.MATH

67.

Hell, M., Johansson, T., & Meier, W. (2007). Grain: A stream cipher for constrained environments. International Journal of Wireless and Mobile Computing, 2(1), 86.CrossRef

68.

David, M., Ranasinghe, D. C., & Larsen, T. (2011). In 2011 IEEE international conference on RFID (RFID) (pp. 176–183). IEEE.

69.

Fan, X., Mandal, K. & Gong, G. (2013). In International conference on heterogeneous networking for quality, reliability, security and robustness (pp. 617–632). Springer.

70.

Atzori, L., Iera, A., & Morabito, G. (2010). The Internet of Things: A survey. Computer Networks, 54(15), 2787.MATHCrossRef

71.

Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varıcı, K., & Verbauwhede, I. (2011). In International workshop on cryptographic hardware and embedded systems (pp. 312–325). Springer.

72.

Berger, T. P., D’Hayer, J., Marquet, K., Minier, M., & Thomas, G. (2012). In International conference on cryptology in Africa (pp. 306–323). Springer.

73.

Aumasson, J. P., Henzen, L., Meier, W., & Naya-Plasencia, M. (2013). Quark: A lightweight hash. Journal of cryptology, 26(2), 313.MathSciNetMATHCrossRef

74.

Abyaneh, M. R. S. (2012). Security analysis of lightweight schemes for RFID systems, PhD thesis, University of Bergen, Norway.

75.

Greenstadt, R., & Beal, J. (2008). In Proceedings of the 1st ACM workshop on AISec (pp. 27–30). ACM.

76.

Gusmeroli, S., Piccione, S., & Rotondi, D. (2013). A capability-based security approach to manage access control in the Internet of Things. Mathematical and Computer Modelling, 58(5–6), 1189.CrossRef

77.

Liu, J., Xiao, Y., & Chen, C. P. (2012). Internet of Things’ authentication and access control. International Journal of Security and Networks, 7(4), 228.CrossRef

78.

Bouij-Pasquier, I., Ouahman, A. A., El Kalam, A. A., & de Montfort, M. O. (2015). In 2015 IEEE/ACS 12th international conference of computer systems and applications (AICCSA) (pp. 1–8). IEEE.

79.

Dennis, J. B., & Van Horn, E. C. (1966). Programming semantics for multiprogrammed computations. Communications of the ACM, 9(3), 143.MATHCrossRef

80.

Mahalle, P. N., Anggorojati, B., Prasad, N. R., Prasad, R., et al. (2013). Identity authentication and capability based access control (iacac) for the Internet of Things. Journal of Cyber Security and Mobility, 1(4), 309.

81.

Hernández-Ramos, J. L., Jara, A. J., Marin, L., & Skarmeta, A. F. (2013). Distributed capability-based access control for the Internet of Things. Journal of Internet Services and Information Security (JISIS), 3(3/4), 1.

82.

Mahalle, P. N., Thakre, P. A., Prasad, N. R., & Prasad, R. (2013). In 2013 3rd International conference on wireless communications, vehicular technology, information theory and aerospace & electronic systems (VITAE) (pp. 1–5). IEEE.

83.

Pathan, A. S. K., Lee, H. W., & Hong, C. S. (2006). In The 8th international conference on advanced communication technology, 2006. ICACT 2006 (Vol. 2, p. 6). IEEE.

84.

Oriwoh, E., al Khateeb, H., & Conrad, M. (2016). In International conference on computing and technology innovation (CTI 2015).

85.

Koblitz, N., Menezes, A., & Vanstone, S. (2000). The state of elliptic curve cryptography. Designs, Codes and Cryptography, 19(2–3), 173.MathSciNetMATHCrossRef

86.

Fan, J., Batina, L., & Verbauwhede, I. (2008). In International workshop on selected areas in cryptography (pp. 387–400). Springer.

87.

Coetzee, L., & Eksteen, J. (2011). In IST-Africa conference proceedings, 2011 (pp. 1–9). IEEE.

88.

Etalle, S., den Hartog, J., & Marsh, S. (2007). In Proceedings of the 1st international conference on autonomic computing and communication systems (ICST) (p. 5). Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering.

89.

Kasinathan, P., Pastrone, C., Spirito, M. A., & Vinkovits, M. (2013). In 2013 IEEE 9th international conference on wireless and mobile computing, networking and communications (WiMob) (pp. 600–607). IEEE.

90.

Sheng, Z., Yang, S., Yu, Y., Vasilakos, A., Mccann, J., & Leung, K. (2013). A survey on the IETF protocol suite for the Internet of Things: Standards, challenges, and opportunities. IEEE Wireless Communications, 20(6), 91.CrossRef

91.

Suo, H., Wan, J., Zou, C. & Liu, J. (2012). In 2012 International conference on computer science and electronics engineering (ICCSEE) (Vol. 3, pp. 648–651). IEEE.

92.

Sridhar, S., & Smys, S. (2017). In 2017 International conference on inventive systems and control (ICISC) (pp. 1–5). IEEE.

93.

Regev, O. (2009). On lattices, learning with errors, random linear codes, and cryptography. Journal of the ACM (JACM), 56(6), 34.MathSciNetMATHCrossRef

94.

Song, T., Li, R., Mei, B., Yu, J., Xing, X., & Cheng, X. (2017). A privacy preserving communication protocol for iot applications in smart homes. IEEE Internet of Things Journal, 4(6), 1844.CrossRef

95.

Li, F., Hong, J., & Omala, A. A. (2017). Efficient certificateless access control for industrial Internet of Things. Future Generation Computer Systems, 76, 285.CrossRef

96.

Li, R., Song, T., Capurso, N., Yu, J., Couture, J., & Cheng, X. (2017). IoT applications on secure smart shopping system. IEEE Internet of Things Journal, 4(6), 1945.CrossRef

97.

Yang, Y., Zheng, X., & Tang, C. (2017). Lightweight distributed secure data management system for health Internet of Things. Journal of Network and Computer Applications, 89, 26.CrossRef

98.

Li, N., Liu, D., & Nepal, S. (2017). Lightweight mutual authentication for iot and its applications. IEEE Transactions on Sustainable Computing, 2(4), 359.CrossRef

Title: A Review of Security in Internet of Things
Authors: Yasmine Harbi
Zibouda Aliouat
Saad Harous
Abdelhak Bentaleb
Allaoua Refoufi
Publication date: 24-04-2019
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 1/2019
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-019-06405-y

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2019

Design of a Variable Depth Axially Corrugated Horn Antenna at X-Band for Low Cross-Polarization Applications

Medical Image Encryption Based on Hybrid Chaotic DNA Diffusion

Fuzzy Enhanced Discrete Bacterial Foraging Optimization for Cell and Resource Blocks Selection in Femtocell Networks

LAS Detector with Soft-Output MMSE Initialization Under Imperfect Channel Estimation and Channel Correlation

Data Aggregation for Increase Performance of Wireless Sensor Networks Using Learning Automata Approach

Optimising Residual Energy Transmission Head with SNR Value in Multiple Clusters