Current research on Internet of Things (IoT) security: A survey
Introduction
The Internet of Things (IoT) is envisioned to grow rapidly due the proliferation of communication technology, the availability of the devices, and computational systems. Hence, IoT security is an area of concern in order to safeguard the hardware and the networks in the IoT system. However, since the idea of networking appliances is still relatively new, security has not been considered in the production of these appliances.
Some examples of existing IoT systems are self-driving vehicles (SDV) for automated vehicular systems, microgrids for distributed energy resources systems, and Smart City Drones for surveillance systems. A microgrid system represents a good example of a cyber-physical system: it links all distributed energy resources (DER) together to provide a comprehensive energy solution for a local geographical region. However, a microgrid IoT system still relies on traditional Supervisory Control and Data Acquisition (SCADA). The integration of the physical and cyber domains actually increases the exposure to attacks: cyber attacks may target the SCADA supervisory control and paralyse the physical domain or the physical devices may be tampered or compromised, affecting the supervisory control system. On the other hand, the drone market is moving quickly to adopt automation techniques and can be integrated into fire fighting, police, smart city surveillance, and emergency response. As municipalities and citizens begin to rely on such a system, it will become critical to keep the system secure and reliable.
In recent years, it has been observed that academic research to address the privacy and security issues for IoT systems has attained positive developments. Currently, the techniques and security methods which have been proposed are essentially based on conventional network security methods. However, applying security mechanisms in an IoT system is more challenging than with a traditional network, due to the heterogeneity of the devices and protocols as well as the scale or the number of nodes in the system. The challenges in applying IoT security mitigation which are due to physical coupling, heterogeneity, resource constraints, privacy, the large scale, trust management and unpreparedness for security are extensively explained in [1].
The survey papers [2], [3], [4], [5], [6] evaluate the possible threats to IoT systems according to the layers and the available countermeasures. Kouicem et al. [7] stated that in recent years, there has been a lot of research to address issues such as key management, confidentiality, integrity, privacy, and policy enforcement for IoT systems, hence suggested traditional cryptography methods and new technologies such as Software Defined Network (SDN) and Blockchain to be implemented to solve current IoT security issues.
One of the key enablers of the rapid progress of academic IoT security research is the availability of a tool for IoT or sensor network simulation and modelling. A comprehensive list of the simulators used in current research is presented by Chernyshev et al. [8]. An open source network simulator, such as NS 3, is the most used simulator for IoT security research. However, since many new security protocols are being proposed, there is an urgent need for a security protocol evaluator, such as Automated Validation of Internet Security Protocols and Applications, AVISPA.
The present paper will survey the current development of IoT security research from 2016 to 2018. Challenges in applying security mechanisms in IoT and its attack vectors will also be evaluated. Simulators or IoT modellers that may be used by new researchers to further develop the IoT security field will be highlighted. The credibility of the published work surveyed here has been ensured by using the reputable Web of Knowledge search engine by using the keyword “IoT security simulation” . The contribution of this paper is highlighted by comparing several aspects of other surveys, such as techniques for IoT security mechanisms, simulation tools, and current research. Table 1 compares the present survey with the other surveys in IoT security published from 2017 to 2018. As compared to these other surveys, the present survey presents findings on the current IoT security mechanisms, including authentication, encryption, trust management, secure routing protocols, and new technologies applied to IoT security, along with the related tools and simulators involved in the research.
Section snippets
Background
The IoT architecture is based on a 3-tier/layer system which consists of a perception/hardware layer, a network/communication layer, and a layer of interfaces/services. The elements that make up an IoT system are hardware/devices, communication/messaging protocols, and interfaces/services.
Hardware, such as the sensors and actuators, comprises the most important elements in the IoT. The typical microprocessor which is used at the hardware layer is usually based on the ARM, MIPS or X86
Introduction to IoT security
Due to the diversity of the devices and multitude of communication protocols in an IoT systems, and also various interfaces and services offered, it is not suitable to implement security mitigation based on the traditional IT network solutions. In fact, the current security measures which are applied in a conventional network may not be sufficient. Attack vectors as listed by Open Web Application Security Project (OWASP) concern the three layers of an IoT system, which are hardware,
Development of current IoT security mechanisms
The main objective of applying security mitigation is to preserve privacy, confidentiality, ensuring the security of the users, infrastructures, data and devices of the IoT and to guarantee the availability of the services offered by an IoT ecosystem. Thus, the mitigation and countermeasures are usually applied according to the classic threat vectors. Fig. 2 shows the trends in the techniques and methods which have been used in 2016–2018. It is observed that authentication is still the most
Discussion
This survey intended to give an overview of the current trends in IoT security research. At the same time, this survey presented some attack vectors and challenges to IoT security. High quality papers from Web of Knowledge were reviewed and categorized into by their objectives, methods used in the research, and the simulation tools used in order to simulate or validate the results. It was found that other than the simulation tools and modeller, the availability of the platform to validate the
Conclusion
The purpose of this survey has been accomplished by giving an adequate overview of the research trends in IoT security between 2016 until 2018 and the relevant tools and simulators. The research from reputable publishers have been reviewed and categorized for easy reference for new researchers. Future directions of this research include developing a comprehensive IoT threat modelling, followed by designing a zero trust algorithm to mitigate known and unknown cyber-attacks on an IoT system.
Mardiana binti Mohamad Noor is currently pursuing her PhD specializing in IoT security in Universiti Teknologi Malaysia. Her research interests include mathematical threat modelling, zero trust networks and cyber security.
Her first degree was from Universiti Sains Malaysia in Electronics Engineering (Hons.). She completed her Masters Degree in Wireless Networks Security and attained MPhil from University Teknologi Malaysia, Kuala Lumpur (UTM KL).
Mphil from Universiti Teknologi Malaysia
References (99)
- et al.
On security challenges and open issues in Internet of Things
Futur. Gener. Comput. Syst.
(2018) - et al.
A roadmap for security challenges in the Internet of Things
Digit. Commun. Networks
(2018) - et al.
Internet of Things security: A survey
J. Netw. Comput. Appl.
(2017) - et al.
Internet of things security: A top-down survey
Comput. Networks
(2018) - et al.
Ad Hoc Networks Secure and efficient user authentication scheme for multi-gateway wireless sensor networks
Ad Hoc Networks
(2017) - et al.
A lightweight and privacy-preserving mutual authentication scheme for wearable devices assisted by cloud server
Comput. Electr. Eng.
(2017) - et al.
A security authorization scheme for smart home Internet of Things devices
Futur. Gener. Comput. Syst.
(2018) - et al.
AAoT: Lightweight attestation and authentication of low-resource things in IoT and CPS
Comput. Networks
(2018) - et al.
A lightweight biometrics based remote user authentication scheme for IoT services
Journal of Information Security and Applications
(2017) - et al.
Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks
Comput. Networks
(2016)
Secure and efficient user authentication scheme for multi-gateway wireless sensor networks
Ad Hoc Networks
A secure end-to-end IoT solution
Sensors Actuators A. Phys.
An e ffi cient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment
J. Netw. Comput. Appl.
A light weight authentication protocol for IoT-enabled devices in distributed cloud computing environment
Futur. Gener. Comput. Syst.
A remote attestation mechanism for the sensing layer nodes of the Internet of Things
Futur. Gener. Comput. Syst.
Secure routing for internet of things: A survey
J. Netw. Comput. Appl.
AODV routing protocol for Cognitive radio access based Internet of Things ( IoT )
Futur. Gener. Comput. Syst.
Proactive defense mechanisms for the software-defined Internet of Things with non-patchable vulnerabilities
Futur. Gener. Comput. Syst.
Bubbles of Trust: a decentralized Blockchain-based authentication system for IoT
Comput. Secur.
Efficient location privacy algorithm for Internet of Things ( IoT ) services and applications
J. Netw. Comput. Appl.
Robust detection of false data injection attacks for data aggregation in an Internet of Things-based environmental surveillance
Computer Networks
A framework for automating security analysis of the internet of things
J. Netw. Comput. Appl.
Multi-level detection and warning module for bandwidth consumption attacks
International Journal of Security and Its Application
Real-time secure communication for Smart City in high-speed Big Data environment
Futur. Gener. Comput. Syst.
A survey on security and privacy issues in internet-of-things
A survey on internet of things: architecture, enabling technologies, security and privacy, and applications
IEEE Internet Things J.
Security, privacy and trust of different layers in Internet-of-Things (IoTs) framework
Futur. Gener. Comput. Syst.
Internet of Things (IoT): Research
IEEE Internet of Things Journal
Internet-of-Things Security and Vulnerabilities : Taxonomy, Challenges, and Practice
Journal of Hardware and Systems Security
IoT security for utilization of big data: Mutual authentication technology and anonymization technology for positional data
Fujitsu Sci. Tech. J.
Authentication Protocols for Internet of Things: A Comprehensive Survey
Security and Communication Networks
A Robust and Energy Efficient Authentication Protocol for Industrial Internet of Things
IEEE Internet of Things Journal
Two-factor authenticated key agreement supporting unlinkability in 5G-integrated wireless sensor networks
IEEE Access
6LowPSec: An End-to-End Security Protocol for 6LoWPAN
Ad Hoc Networks
A Mutual Authentication and Key Establishment Scheme for M2M Communication in 6LoWPAN Networks
IEEE Trans. Ind. Informatics
Passive secret disclosure attack on an ultralightweight authentication protocol for Internet of Things
J. Supercomput.
Security Access Protocols in IoT Capillary Networks
IEEE Internet of Things Journal
Lightweight key agreement protocol for IoT based on IKEv2
Comput. Electr. Eng.
Prevention of blackhole attack in MANET
A Secure Time Synchronization Protocol Against Fake Timestamps for Large-Scale Internet of Things
IEEE Internet of Things Journal
AccessAuth : Capacity-aware security access authentication in federated-IoT-enabled V2G networks
J. Parallel Distrib. Comput.
Design of Secure User Authenticated Key Management Protocol for Generic IoT Networks
IEEE Internet Things J
Applied sciences secure authentication and prescription safety protocol for telecare health services using ubiquitous IoT
Applied Sciences
Secure authentication scheme for medicine anti-counterfeiting system in IoT environment
IEEE Internet of Things Journal
Secure IoT-Based, Incentive-aware emergency personnel dispatching scheme with weighted fine-grained
ACM Transactions on Intelligent Systems and Technology
System hardening and security monitoring for iot devices to mitigate iot security vulnerabilities and threats
KSII Transactions on Internet and Information Systems
SEGB : Security Enhanced Group Based AKA Protocol for M2M Communication in an IoT Enabled LTE / LTE-A Network
IEEE Access
A homomorphic network coding signature scheme for multiple sources and its application in IoT
Security and Communication Networks
Secure signature-based authenticated key establishment scheme for future IoT Applications
IEEE Access
Cited by (639)
A deep learning-based authentication protocol for IoT-enabled LTE systems
2024, Future Generation Computer SystemsDetecting malicious proxy nodes during IoT network joining phase
2024, Computer NetworksAutomated trusted collaborative processes through blockchain & IoT integration: The fraud detection case
2024, Internet of Things (Netherlands)A trustworthy security model for IIoT attacks on industrial robots
2024, Future Generation Computer SystemsA review on security implementations in soft-processors for IoT applications
2024, Computers and SecurityA lightweight security model for ensuring patient privacy and confidentiality in telehealth applications
2024, Computers in Human Behavior
Mardiana binti Mohamad Noor is currently pursuing her PhD specializing in IoT security in Universiti Teknologi Malaysia. Her research interests include mathematical threat modelling, zero trust networks and cyber security.
Her first degree was from Universiti Sains Malaysia in Electronics Engineering (Hons.). She completed her Masters Degree in Wireless Networks Security and attained MPhil from University Teknologi Malaysia, Kuala Lumpur (UTM KL).
Mphil from Universiti Teknologi Malaysia
Wan Haslina Hassan presently overseeing the Communication Systems and Networks Research Group, in UTM KL, comprising senior academics, researchers and postgraduates students. Research facilities include network simulators and emulator - Tetcos NetSim & NS2 and Matlab. Currently developing a Cybersecurity Research Lab in collaboration with RSA Security - a global Fortune 500 company.
Areas of expertise include computer/mobile/bio-communications and information/network security; curriculum design and development, research management and other activities related to research, academic administration and higher education (undergraduate and postgraduate levels) development.
Experienced in supervising postgraduates students in the areas of nano/molecular communications, content-centric networks, intelligent architectures for mobility management, and network security.