Wireless Personal Communications, Volume 108, Issue 1, pp 325–344

A Review of Security in Internet of Things

  • Yasmine Harbi
  • Zibouda Aliouat
  • Saad Harous
  • Abdelhak Bentaleb
  • Allaoua Refoufi


The Internet of Things (IoT) has drawn significant attention in recent years because it has made revolutionary changes in human life. The IoT enables the exchange of information in a wide variety of applications such as smart buildings, smart health, smart transport, and so on. These diverse application domains can be unified into a single entity referred to as smart life. The rapid evolution of the IoT has set off a race between cyber-criminals and security experts, as billions of connected things communicate with each other and can exchange sensitive information that may be leaked. Hence, strengthening the IoT’s security and preserving users’ privacy is a major challenge. This paper aims to provide a comprehensive study of IoT security. Several IoT security attacks are analyzed, and a taxonomy of the security requirements based on the attacks’ purposes is proposed. Moreover, recent security solutions are described and classified based on their application domains. Finally, open research directions and security challenges are discussed.


Keywords: IoT, Smart life, Cyber-attacks, Security, Privacy




Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  • Yasmine Harbi (1)
  • Zibouda Aliouat (1)
  • Saad Harous (2)
  • Abdelhak Bentaleb (3)
  • Allaoua Refoufi (1)

  1. LRSD Laboratory, Ferhat Abbas University of Setif 1, Sétif, Algeria
  2. College of Information Technology, United Arab Emirates University, Al Ain, UAE
  3. National University of Singapore, Singapore, Singapore
