Elsevier

Computer Networks

Volume 148, 15 January 2019, Pages 283-294
Computer Networks

Current research on Internet of Things (IoT) security: A survey

https://doi.org/10.1016/j.comnet.2018.11.025Get rights and content

Abstract

The results of IoT failures can be severe, therefore, the study and research in security issues in the IoT is of extreme significance. The main objective of IoT security is to preserve privacy, confidentiality, ensure the security of the users, infrastructures, data, and devices of the IoT, and guarantee the availability of the services offered by an IoT ecosystem. Thus, research in IoT security has recently been gaining much momentum with the help of the available simulation tools, modellers, and computational and analysis platforms. This paper presents an analysis of recent research in IoT security from 2016 to 2018, its trends and open issues. The main contribution of this paper is to provide an overview of the current state of IoT security research, the relevant tools,IoT modellers and simulators.

Introduction

The Internet of Things (IoT) is envisioned to grow rapidly due the proliferation of communication technology, the availability of the devices, and computational systems. Hence, IoT security is an area of concern in order to safeguard the hardware and the networks in the IoT system. However, since the idea of networking appliances is still relatively new, security has not been considered in the production of these appliances.

Some examples of existing IoT systems are self-driving vehicles (SDV) for automated vehicular systems, microgrids for distributed energy resources systems, and Smart City Drones for surveillance systems. A microgrid system represents a good example of a cyber-physical system: it links all distributed energy resources (DER) together to provide a comprehensive energy solution for a local geographical region. However, a microgrid IoT system still relies on traditional Supervisory Control and Data Acquisition (SCADA). The integration of the physical and cyber domains actually increases the exposure to attacks: cyber attacks may target the SCADA supervisory control and paralyse the physical domain or the physical devices may be tampered or compromised, affecting the supervisory control system. On the other hand, the drone market is moving quickly to adopt automation techniques and can be integrated into fire fighting, police, smart city surveillance, and emergency response. As municipalities and citizens begin to rely on such a system, it will become critical to keep the system secure and reliable.

In recent years, it has been observed that academic research to address the privacy and security issues for IoT systems has attained positive developments. Currently, the techniques and security methods which have been proposed are essentially based on conventional network security methods. However, applying security mechanisms in an IoT system is more challenging than with a traditional network, due to the heterogeneity of the devices and protocols as well as the scale or the number of nodes in the system. The challenges in applying IoT security mitigation which are due to physical coupling, heterogeneity, resource constraints, privacy, the large scale, trust management and unpreparedness for security are extensively explained in [1].

The survey papers [2], [3], [4], [5], [6] evaluate the possible threats to IoT systems according to the layers and the available countermeasures. Kouicem et al. [7] stated that in recent years, there has been a lot of research to address issues such as key management, confidentiality, integrity, privacy, and policy enforcement for IoT systems, hence suggested traditional cryptography methods and new technologies such as Software Defined Network (SDN) and Blockchain to be implemented to solve current IoT security issues.

One of the key enablers of the rapid progress of academic IoT security research is the availability of a tool for IoT or sensor network simulation and modelling. A comprehensive list of the simulators used in current research is presented by Chernyshev et al. [8]. An open source network simulator, such as NS 3, is the most used simulator for IoT security research. However, since many new security protocols are being proposed, there is an urgent need for a security protocol evaluator, such as Automated Validation of Internet Security Protocols and Applications, AVISPA.

The present paper will survey the current development of IoT security research from 2016 to 2018. Challenges in applying security mechanisms in IoT and its attack vectors will also be evaluated. Simulators or IoT modellers that may be used by new researchers to further develop the IoT security field will be highlighted. The credibility of the published work surveyed here has been ensured by using the reputable Web of Knowledge search engine by using the keyword “IoT security simulation” . The contribution of this paper is highlighted by comparing several aspects of other surveys, such as techniques for IoT security mechanisms, simulation tools, and current research. Table 1 compares the present survey with the other surveys in IoT security published from 2017 to 2018. As compared to these other surveys, the present survey presents findings on the current IoT security mechanisms, including authentication, encryption, trust management, secure routing protocols, and new technologies applied to IoT security, along with the related tools and simulators involved in the research.

Section snippets

Background

The IoT architecture is based on a 3-tier/layer system which consists of a perception/hardware layer, a network/communication layer, and a layer of interfaces/services. The elements that make up an IoT system are hardware/devices, communication/messaging protocols, and interfaces/services.

Hardware, such as the sensors and actuators, comprises the most important elements in the IoT. The typical microprocessor which is used at the hardware layer is usually based on the ARM, MIPS or X86

Introduction to IoT security

Due to the diversity of the devices and multitude of communication protocols in an IoT systems, and also various interfaces and services offered, it is not suitable to implement security mitigation based on the traditional IT network solutions. In fact, the current security measures which are applied in a conventional network may not be sufficient. Attack vectors as listed by Open Web Application Security Project (OWASP) concern the three layers of an IoT system, which are hardware,

Development of current IoT security mechanisms

The main objective of applying security mitigation is to preserve privacy, confidentiality, ensuring the security of the users, infrastructures, data and devices of the IoT and to guarantee the availability of the services offered by an IoT ecosystem. Thus, the mitigation and countermeasures are usually applied according to the classic threat vectors. Fig. 2 shows the trends in the techniques and methods which have been used in 2016–2018. It is observed that authentication is still the most

Discussion

This survey intended to give an overview of the current trends in IoT security research. At the same time, this survey presented some attack vectors and challenges to IoT security. High quality papers from Web of Knowledge were reviewed and categorized into by their objectives, methods used in the research, and the simulation tools used in order to simulate or validate the results. It was found that other than the simulation tools and modeller, the availability of the platform to validate the

Conclusion

The purpose of this survey has been accomplished by giving an adequate overview of the research trends in IoT security between 2016 until 2018 and the relevant tools and simulators. The research from reputable publishers have been reviewed and categorized for easy reference for new researchers. Future directions of this research include developing a comprehensive IoT threat modelling, followed by designing a zero trust algorithm to mitigate known and unknown cyber-attacks on an IoT system.

Mardiana binti Mohamad Noor is currently pursuing her PhD specializing in IoT security in Universiti Teknologi Malaysia. Her research interests include mathematical threat modelling, zero trust networks and cyber security.

Her first degree was from Universiti Sains Malaysia in Electronics Engineering (Hons.). She completed her Masters Degree in Wireless Networks Security and attained MPhil from University Teknologi Malaysia, Kuala Lumpur (UTM KL).

Mphil from Universiti Teknologi Malaysia

References (99)

  • J. Srinivas et al.

    Secure and efficient user authentication scheme for multi-gateway wireless sensor networks

    Ad Hoc Networks

    (2017)
  • A. Mathur et al.

    A secure end-to-end IoT solution

    Sensors Actuators A. Phys.

    (2017)
  • F. Wu

    An e ffi cient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment

    J. Netw. Comput. Appl.

    (2017)
  • R. Amin et al.

    A light weight authentication protocol for IoT-enabled devices in distributed cloud computing environment

    Futur. Gener. Comput. Syst.

    (2018)
  • B. Gong et al.

    A remote attestation mechanism for the sensing layer nodes of the Internet of Things

    Futur. Gener. Comput. Syst.

    (2018)
  • D. Airehrour et al.

    Secure routing for internet of things: A survey

    J. Netw. Comput. Appl.

    (2016)
  • S. Anamalamudi et al.

    AODV routing protocol for Cognitive radio access based Internet of Things ( IoT )

    Futur. Gener. Comput. Syst.

    (2018)
  • M. Ge et al.

    Proactive defense mechanisms for the software-defined Internet of Things with non-patchable vulnerabilities

    Futur. Gener. Comput. Syst.

    (2018)
  • M.T. Hammi et al.

    Bubbles of Trust: a decentralized Blockchain-based authentication system for IoT

    Comput. Secur.

    (2018)
  • G. Sun

    Efficient location privacy algorithm for Internet of Things ( IoT ) services and applications

    J. Netw. Comput. Appl.

    (2017)
  • L. Yang et al.

    Robust detection of false data injection attacks for data aggregation in an Internet of Things-based environmental surveillance

    Computer Networks

    (2017)
  • M. Ge et al.

    A framework for automating security analysis of the internet of things

    J. Netw. Comput. Appl.

    (2017)
  • J. Yang et al.

    Multi-level detection and warning module for bandwidth consumption attacks

    International Journal of Security and Its Application

    (2016)
  • M.M. Rathore et al.

    Real-time secure communication for Smart City in high-speed Big Data environment

    Futur. Gener. Comput. Syst.

    (2018)
  • H.Z. Yuchen Yang et al.

    A survey on security and privacy issues in internet-of-things

  • J. Lin et al.

    A survey on internet of things: architecture, enabling technologies, security and privacy, and applications

    IEEE Internet Things J.

    (2017)
  • A. Tewari et al.

    Security, privacy and trust of different layers in Internet-of-Things (IoTs) framework

    Futur. Gener. Comput. Syst.

    (2018)
  • M. Chernyshev et al.

    Internet of Things (IoT): Research

    IEEE Internet of Things Journal

    (2018)
  • K. Chen et al.

    Internet-of-Things Security and Vulnerabilities : Taxonomy, Challenges, and Practice

    Journal of Hardware and Systems Security

    (2018)
  • T. Shinzaki et al.

    IoT security for utilization of big data: Mutual authentication technology and anonymization technology for positional data

    Fujitsu Sci. Tech. J.

    (2016)
  • M.A. Ferrag et al.

    Authentication Protocols for Internet of Things: A Comprehensive Survey

    Security and Communication Networks

    (2017)
  • X. Li et al.

    A Robust and Energy Efficient Authentication Protocol for Industrial Internet of Things

    IEEE Internet of Things Journal

    (2018)
  • S. Shin et al.

    Two-factor authenticated key agreement supporting unlinkability in 5G-integrated wireless sensor networks

    IEEE Access

    (2018)
  • G. Glissa et al.

    6LowPSec: An End-to-End Security Protocol for 6LoWPAN

    Ad Hoc Networks

    (2018)
  • Y. Qiu et al.

    A Mutual Authentication and Key Establishment Scheme for M2M Communication in 6LoWPAN Networks

    IEEE Trans. Ind. Informatics

    (2016)
  • M. Safkhani et al.

    Passive secret disclosure attack on an ultralightweight authentication protocol for Internet of Things

    J. Supercomput.

    (2017)
  • R. Giuliano et al.

    Security Access Protocols in IoT Capillary Networks

    IEEE Internet of Things Journal

    (2017)
  • M. Lavanya et al.

    Lightweight key agreement protocol for IoT based on IKEv2

    Comput. Electr. Eng.

    (2017)
  • V.S. Latha Tamilselvan

    Prevention of blackhole attack in MANET

  • T. Qiu

    A Secure Time Synchronization Protocol Against Fake Timestamps for Large-Scale Internet of Things

    IEEE Internet of Things Journal

    (2017)
  • J.P.D. Comput et al.

    AccessAuth : Capacity-aware security access authentication in federated-IoT-enabled V2G networks

    J. Parallel Distrib. Comput.

    (2018)
  • M. Wazid et al.

    Design of Secure User Authenticated Key Management Protocol for Generic IoT Networks

    IEEE Internet Things J

    (2018)
  • Z. Mahmood et al.

    Applied sciences secure authentication and prescription safety protocol for telecare health services using ubiquitous IoT

    Applied Sciences

    (2017)
  • M. Wazid et al.

    Secure authentication scheme for medicine anti-counterfeiting system in IoT environment

    IEEE Internet of Things Journal

    (2017)
  • L. Yeh et al.

    Secure IoT-Based, Incentive-aware emergency personnel dispatching scheme with weighted fine-grained

    ACM Transactions on Intelligent Systems and Technology

    (2017)
  • S. Choi et al.

    System hardening and security monitoring for iot devices to mitigate iot security vulnerabilities and threats

    KSII Transactions on Internet and Information Systems

    (2018)
  • B.L. Parne et al.

    SEGB : Security Enhanced Group Based AKA Protocol for M2M Communication in an IoT Enabled LTE / LTE-A Network

    IEEE Access

    (2018)
  • T. Li et al.

    A homomorphic network coding signature scheme for multiple sources and its application in IoT

    Security and Communication Networks

    (2018)
  • S. Challa et al.

    Secure signature-based authenticated key establishment scheme for future IoT Applications

    IEEE Access

    (2017)
  • Cited by (639)

    View all citing articles on Scopus

    Mardiana binti Mohamad Noor is currently pursuing her PhD specializing in IoT security in Universiti Teknologi Malaysia. Her research interests include mathematical threat modelling, zero trust networks and cyber security.

    Her first degree was from Universiti Sains Malaysia in Electronics Engineering (Hons.). She completed her Masters Degree in Wireless Networks Security and attained MPhil from University Teknologi Malaysia, Kuala Lumpur (UTM KL).

    Mphil from Universiti Teknologi Malaysia

    Wan Haslina Hassan presently overseeing the Communication Systems and Networks Research Group, in UTM KL, comprising senior academics, researchers and postgraduates students. Research facilities include network simulators and emulator - Tetcos NetSim & NS2 and Matlab. Currently developing a Cybersecurity Research Lab in collaboration with RSA Security - a global Fortune 500 company.

    Areas of expertise include computer/mobile/bio-communications and information/network security; curriculum design and development, research management and other activities related to research, academic administration and higher education (undergraduate and postgraduate levels) development.

    Experienced in supervising postgraduates students in the areas of nano/molecular communications, content-centric networks, intelligent architectures for mobility management, and network security.

    View full text