Security trends in Internet of Things: a survey

The Internet of Things (IoT) is a network of embedded devices that are uniquely identifiable and have embedded software required to communicate between the transient states. The purpose of this study is to explore discrete IoT security challenges pertaining to currently deployed IoT standards and protocols. We have presented a detailed review in this study that focuses on IoT's imminent security aspects, covering identification of risks pertaining to the current IoT system, novel security protocols, and security projects proffered in recent years. This work presents an updated review of the IoT architecture in the protocols and standards that are proffered for the next-gen IoT systems. A security-specific comparative analysis of protocols, standards, and proffered security models are presented as per IoT security requirements. This study elicits the need for standardization at the communication and data audit level, which exposes the hardware, software, and data to various threats and attacks. Our study reveals a need for protocols that are competent enough to be accorded for over one threat vector. This paper provides an insight into the latest security research trends, which will prove beneficial in the development of IoT security. The research outcomes can benefit the research community in IoT by integrating IoT-based devices' best security aspects.


Introduction
Lately, the entire network domain is undergoing a drastic technological revolution. Automation of networks has been a hot topic that has been trending for quite some time. Supplementing it is Internet of Things (IoT) technology, which paves the way for providing that element. The Internet of Things [1] is defined as the inter-device environment built up by the devices that focus on three important tasks-transmitting data, receiving data, and processing received data. Initially, local physical devices connected to the internet for real-time data analysis were considered being the IoT network. With time-lapse, IoT's scale has extended itself from the local workstation to Industrial IoT frameworks [2]. Research works on IoT depict the proliferation of IoT in the field of-healthcare [3], industrial setup [4], business analytics, education, etc. As of 2019, IoT, which used to work at smaller network spaces, has upgraded for wide area networks, and so have the risks relative to it because of the expected surge in IoT devices in a diversified environment.

Research challenges
The primary purpose of this research work is to explore the latest security solutions in the IoT. Besides this primary goal, sub-goals comprise identifying and characterizing the latest security risks in the IoT. Before that, it is important to address the recent research challenges in IoT-(1) Heterogeneity issue (2) Inter-connectivity

Research contribution
The work has been motivated to explore security concerns in IoT based devices due to different IoT applications. First, to understand IoT's security aspect, it is important to have prior knowledge about the infrastructure we are dealing with; thus, we have discussed IoT architecture and made a comparative analysis of protocols and standards used in IoT. Our second research contribution includes exploring all possible aspects of recent research being made in IoT security, which will prove beneficial in developing an IoT security framework. A thorough review presented in this survey focuses on prominent threats prevailing in current IoT systems, along with the latest security models proffered for the IoT environment in recent years. The purpose is to define security solutions in IoT's security requirements: confidentiality, integrity, authenticity, and trust management [16]. Our third research contribution comprises the identification and comparative analysis of prevalent protocols and standards in the IoT. We have addressed the updated innovations and standardization practices being used in IoT [17], classification of security issues in IoT based on the levels at which they affect the entire environment, and their relative solutions. Research findings show that IoT security solutions are addressed by using existing encryption techniques and novel security design models. The major security issues recognized are trust and integrity of communication. It was also revealed that IoT security challenges are enhanced by combining IoT with other networks such as SDN [18,19]. We also discovered a need for standardization at the manufacturing level, which shows the vulnerabilities at the hardware and software levels [20]. Inspections also revealed a need for protocols competent enough to accord for over one threat vector [21,22]. The research outcomes can help the IoT research community by integrating the safest appropriate security features in IoT-based devices.
The paper is organized as follows. Section 1, as discussed, is a brief introduction to the study. Section 2 presents a literature review of recent developments in IoT. Section 3 discusses IoT architecture along with the trending protocols and standards used in IoT. Section 4 discusses Security trends in IoT in detail. Section 5 states the result and discussion of the entire research study, and Sect. 6 concludes the complete survey work.

Literature review
Wireless network with embedded networking capability is the current Industrial trend worldwide. IoT is one of the main gainers of this networking domain. It has undergone a significant development by integrating Cloud services, providing SaaS, IaaS, and PaaS. IoT Commercial sectors have seen a major boom in the market during the last few years, as smart system demands grew manifold because of its rich feature and one-click-away services. Smart systems like Smart Home appliances, AI-based smart devices, smart home automation, smart vehicles, smart labs, etc., offer ease of living but too much dependability on them often leads to high risks. Figure 1 based on statista [23] report gives an estimated graph of the expected surge in IoT devices in the near future.
The technical report suggests IoT devices have become the new source hotspot for intrusion activities for the hackers as the protocols and standards existing on these devices are mainly lightweight protocols [24,25] and, on the other end, entities constituting it has more accessible access to the server [26]. These pose challenges to the Vol.:(0123456789) SN Applied Sciences (2021) 3:121 | https://doi.org/10.1007/s42452-021-04156-9 Review Paper technology as there is no proper addressing of the security for the latter. It is observed that threat structure is not confined to a particular layer in IoT architecture [27]. Former network practices of integrating network security features in IoT have/had degraded IoT systems' performance. Table 3 comprises a set of recent novel models proposed in the wake of advanced threat reports coming for IoT. We have defined the security parameter concerning which certain research work offers a security model pertaining to conventional security models.
The conventional model issue was-Inter-Compatibility among security tools deployed for IoT devices as they differed in Policy and implementation techniques and lack of Low-Powered device algorithms [28]. Recent research has proposed novel solutions using a different plethora of encryption methods and hardware-based methods [29] to overcome conventional security issues. Table 1 discusses some of these significant security models currently in research.
Xin Zhang and Fengtong Wen [30] proposes a novel anonymous user WSN authentication for the Internet of Things wherein two algorithmic models UDS (user-deviceserver) and USD (user-server-device), are constructed to ensure valid authentication for resolving trust centric threat models. This is a multi-functional method to provide security during the authentication process with lighter storage overheads, efficient communication costs, and faster computational speed. This work is limited in terms of the extent of the security solution provided, only for the lightweight sensor devices against the prominent network layer and physical layer based attacks. A clusterbased fuzzy logic implementation model is proposed by Mohammad Dahman Alshehri and Farookh Khadeer Hussain [31] and a secure messaging paradigm between IoT nodes where encrypted communication takes place utilizing hexadecimal values to cope with Port Scanning threats and other integrity specific vulnerabilities for AI-based IoT security solutions. This work effectively proffers the detection mechanism against the malicious IoT nodes present in the network, but risks pertaining to the data audit attack surface are not covered in this model. This study also falls short of addressing the performance analysis relative to communication costs and computation costs occurring in operation.
Priyanka et al. [13] propose a multi-stage security model making use of Elliptical curve cryptography (ECC) and fully homomorphic encryption (FHE) against cryptographic attacks, which ensures the integrity of the data transmitted in the IoT environment with less computation power. However, there is a lack of clearance on the increased data overheads generated during the process. Computational cost is another issue concerning this model. Regarding Industrial IoT, Munkenyi Mukhandi et al. [5] discusses the novel security solution for robotic communication from an Industrial IoT perspective using MQTT and Robot Operating System protocols. Two primary methods-data encryption and authentication have been used for this purpose, which has proved their efficiency in securing communication phases. This work gives valuable insight into the effectiveness of the cryptographic methods in securing communication channels. On the contrary part, this study states the inconsistency between the performance metrics and the cryptographic functions. Deep learning and Machine learning have made their insight in IoT environment with major products being Alexa, Echo, which abject the text commands and takes voice-over commands for action on a real-time basis. But issues have arisen pertaining to the data packet leaks, and thus for that perspective, a voice recognition application is proffered by Pooja Shree Singh and Vineet Khanna [32], which is based on Mel-frequency cepstral coefficients (MFCC) for user identification and authentication deployable in the IoT environment to ensure data integrity, confidentiality, and privacy security. This work is useful for securing voice-enabled IoT applications; however, large dependency on the hardware architecture required for the noise-free and quality input is its major down-point. IoT has struggled with access control-related problems ever since its arrival. To address this problem, Michail Sidorov et al. [10] proposed a novel secure ultra-lightweight RFID protocol targeted for integration in a supply chain management system that uses permissioned blockchain network along with encryption provided at different access levels. Performance analysis depicts promising results with lesser storage costs and high computational speed. This work is believed to impact secure IoT devices significantly; however, the entire setup cost is uncertain. Chen et al. [33] proffers a novel Low scale Denial-of-Service attack detection approach that encompasses Trust evaluation with Hilbert-Huang Transformation in Zigbee WSN to resolve security issues pertaining to a plethora of low energy devices becoming the target of the attacks. This work is useful in refining the attack surface due to its low rate signal detection method. It features scalable architecture as it covers both cloud computing and edge computing IoT devices, which is an advantage, but larger storage overheads remain an issue. Intrusion Detection Systems (IDS) are tasked with detecting and monitoring threat activities in the conventional network security domain [34]. Extension of which in IoT perspective is some proposed model like Snort [35], Suricata [36], and Bro [37]. Roesch [35] and Paxson [37] talks about the model resulting from pattern-matching monitoring. Suricata [36] is modeled on the semantic level matching of the network activities. Paradoxically, such models are designed for professional use and are not explicitly aimed proffers a voice recognition application based on Mel-frequency cepstral coefficients (MFCC) for user identification and authentication deployable in an IoT environment to ensure data integrity, confidentiality, and privacy Confidentiality, Integrity, and Privacy at the IoT environment in terms of protocol analysis availability. It targets such advancements for expert users but not a regular citizen who lacks knowledge of the whole framework technology's technical know-how. GHOST [38] is a Development project (Safeguarding home IoT environments with personalized real-time risk control) that challenges the conventional network security solutions for the IoT by proposing novel reference architecture. This model's feature is-embedded network environment in an adequately adapted smart home network gateway and is vendor-independent. The issues regarding this integrated model are many attacks like impersonation attacks, offline password attacks, and hardware-based anomaly attacks still pertain to pose a threat to the whole architecture.

Internet of Things: architecture
The Internet of Things covers a vast range of industries and uses cases that scale from uni-constrained node devices to large cross-platform deployments of embedded technologies and cloud systems connecting in real-time [39].
As discussed earlier, IoT operations are constructed out of three major functions, for example, transmitting, retrieving, and processing data. IoT is a technology comprising data exchange between heterogeneous devices that continuously stream information data among other peripheral devices.

Layered architecture
Internet of Things has a multi-layer and multi-plane architecture, as shown in Fig. 2. It comprises the following component sections-Device Management section, Application Interface section, and Communication plane. Application Interface Layer-Devices interact with underlying architecture via certain embedded interface modules like Arduino IDE, Raspberry Pi, sensors, actuators, etc., present in this architecture section.
Device Management Plane manages the device i/o functionalities by identifying the data's source and destination. For instance, Aggregator-is a centralized component that aggregates the data in fluxed from the devices.
Communication Layer-this layer is the intermediary layer that comprises switches and similar network units that define the communication protocols and standards

Communication protocols
Communication between the IoT devices is made feasible with certain standard protocols like MQTT (Message Queueing Telemetry Transport), AMQP, DDS, ZigBee, and LoRaWAN [40], etc. Such an environment needs to have some sort of standardized set of rules which initialize easier and is compatible enough for info sharing. Notably, the communication protocols of IoT are: [41]-one of the vastly used protocols in the IoT environment. Its low energy consumption capability makes it suitable for low energy devices. This protocol is based on Generic Attributes, and it operates via services and characteristics.

2) Message Queueing Telemetry Transport (MQTT) Protocol
[42]-it is the messaging protocol devised for lightweight IoT devices for transmitting and receiving data between sensor nodes. This protocol working is based upon three major components, namely-Publisher, Broker, and Subscriber. The publisher is the one that only transmits the data; the Broker is the intermediary MQTT server that analyzes the data being sent, and the request is identified for certain resources, and last, the subscriber, these components are the receiver of message coming from the broker. 3) Advanced Message Queueing Protocol (AMQP) [43]major features of AMQP protocol are-this is efficient, portable, multichannel, and secure. This binary protocol ensures authentication through SASL or TLS and relies on TCP. It is better suited for working in multiclient environments, as it supports multi-functions by making servers handle immediate requests faster. 4) Constrained Application Protocol (CoAP) [44]-as the name suggests, it is a constrained based environment protocol. This protocol's significant characteristics are-based on the REST API structure, designed for smart system applications, well-designed congestion control, cross-protocol integration, and many more.

5) Data Distribution Service (DDS) protocol [45]-It is an
IoT protocol developed for M2M (Machine to Machine) Communication. Data exchange is possible via the publish-subscribe method, as in MQTT and CoAP protocols, the only difference being that it is broker less architecture, unlike the latter ones. It uses multicast-ing to bring high-quality QoS to the applications. DDS protocol can be deployed from low footprint devices to the cloud.
Some other Protocols relative to the Internet of Things are specified in Table 2, highlighting the features and issues related to protocols' security. As observed, IoT protocols have provided frameworks for enabling easier adaptation of IoT in other existing wireless technology like cloud, edge computing, lightweight embedded systems. Although scalability, performance, and applicability are bettered with innovative protocols, security loopholes are left in the process, which will be discussed in the next section of this paper.

Security trends in Internet of Things
IoT, as seen in the above sections, is not confined to limited resources. New trending technologies like 5G [47,48], Block chaining [49], Quantum computing, and edge computing getting emulsified with the IoT have broadened the IoT's operational perspective. Figure 3 showcases the practical aftermath that each new technology brings and how it can affect IoT functionary. Heterogeneous physical devices like sensor nodes, actuators, gateways, switches, and other embedded system devices constitute this volatile environment. It does not confine the Internet of Things to networking principles; a major impact is made by the engineering behind the smart devices, which is the whole concept's backbone. Self-configuring devices that feature the M2M communication paradigm are the new invention in IoT. This setup makes nodes intelligent enough through algorithms and supplementary technology to self-decide the course of action in any condition [50,51]. It is beneficial in an emergency condition, rescue operations where it is a tedious task to configure the network for a particular region with little or no support from damaged nodes. But too much dependency on machines makes it vulnerable also, as machines are not foolproof. Today, specifically, adversaries exploit weak authentication, unpatched firmware, and credentials pertaining to authenticity that is vulnerable over the internet [52].

Security challenges
1) As observed from the table referring to the protocols and standards of IoT, the paradigm is most vulnerable in accessing requests, identifying third-party indulgence, and weak scalability compliance with security management. Various security challenges in IoT today pertaining to conventional network architecture are pointed out as-Heterogeneous Device Configura- tion-IoT devices' way of interaction with the physical world varies from the way conventional network devices used to do. Heterogenous nature IoT devices, while performing operations, ramify other networking components. As per NIST, they emphasized that IoTspecific privacy policies [53] and cyber controls must consider the fact relative to the ramifications made by IoT devices, which brings about changes to physical systems [54], eventually affecting the physical world. Thus, heterogeneity characteristics are a form of security issue [55]. 2) Dispersive Network Update Policy-IoT devices worldwide, be it in an organization or personal workspace, are managed through commonly distributed servers. Such IoT devices are accessed, managed, or monitored via a separate form of a rule engine, and security policy is also different for each device in the system. So, in regularization, all the devices need to be updated, which is a tedious, complex task for the organization. Issues faced are in the form of non-uniform rate of updation, additional switch leave behind some non-updated devices, or weakly configured nodes as keeping a check on millions of nodes requires time.
Intervention from a third party for support in the discussed issue can jeopardize the system's access control. Organizations that have geographically dispersed locations suffer cost-prohibitive and time-consuming issues and must be protected and updated.

3) Add-Ins Security Policy-Because
IoT was never modeled out for the provision of the security features. Additional plugins and security controls are appended over the IoT layered architecture for providing secure solutions. Thus, unlike the conventional network paradigm, the efficiency of security characteristics depends on the functioning capability of additional resources over IoT architecture. Client actions like how they opt for certain available security options also affect the IoT's security effectiveness. 4) Physical IoT threats-Physical security threats are real in physical IoT setups in industrial units, network-integrated healthcare systems, and network enterprise domains. Two main threat vector points are-Communication channels and the data audit functionaries [56]. Security challenges prevailing in the communication channel comprises trust management issues and authentication issues among the stakeholders, network entities, and the network mode itself through which the communication is taking place. Data Audit specific security challenges expose the weak security points prevailing during an enormous amount of data transmittance over the network and the IoT architecture's aggregator layer. Other physical security challenges involve manual or natural destruction to the sophisticated network components. In industrial systems, physical threats lie in the malfunctioning of the IoT equipment like robotics, sensors, and hardware devices that might adversely affect the physical entities [29]. 5) Exposure threat-End devices in IoT, like sensors and IP cameras that are installed in open environments, are the threat points that are not so hard for the adversary to get access to. This leads to physical-based attacks Fig. 3 IoT Attacks Classification [14] and proximity attacks, which compromise the user's authentication and integrity [57]. Security challenges pertaining to this issue lie in how architectural modification we can make in the protocol or the communication mechanism to secure such devices against the adversaries.

Classification of attacks in IoT
Recognizing potential threats in architecture based on behavior and target set is extremely important to devise security solutions. Many commercial firms have invested a vast amount of assets in securing their IoT-based network in recent development. Attacks on IoT are divided into two modules, as shown in Fig. 3 as: (2) Data-Based Attacks-Data based attacks include threats pertaining to the original data packets and messages traveling at node sites. Hash collision, DoS, Malicious Node VM creation, and Data exposure are some of its most afflicted security exploitations.

Classification of IoT attacks based on active and passive forms
Some prominent attacks based on active and passive forms are depicted in Table 3 shown below. The significance of such attacks in IoT security is that specific security solutions applied over the IoT environment for active and passive attacks tend to affect the network performance differently. Active attacks require state-of-the-art responsive security mechanisms to thwart the risk and impact network performance. On the other hand, defense mechanisms deployed for passive attacks are limited to monitoring tactics and thus have relatively less impact on the network's performance.
1) Denial of Service/Distributed Denial of Service attack [58]-In terms of IoT, DDoS is the prominent one as it affects the network's availability security parameter. Botnets are created to implement a DDoS attack that targets the sensor nodes or any weakly configured nodes in a physical environment. Gaining access from these weak points, infected packets from various sources traverses network data paths that finally congest the whole link architecture and make servers unavailable in the process. It is highly dangerous in energy transmission sectors, military communication, emergency operations, and finally, the worst affected is healthcare facilities. 2) Traffic sniffing attacks [59]-Traffic sniffing attack comes under the threat activity of active data gathering in which critical system info is captured and later utilized for attacks like botnet attack. Information assets like usernames, passwords, unencrypted data info, authentication type, and hardware details are scrutinized with advanced tools' assistance during such a penetration attack. Most IoT devices currently in the market are not so intelligent enough to mitigate such threats and easily become the target of such threats. 3) Masquerade attack [60]-this attack uses a fake network ID to gain unauthorized access to target node information via a legitimate access identification process. Devices with weak authorization processes are at high vulnerability risk. Such attacks perpetrate utilizing stolen passwords and user credentials by locating logical spaces within programs or finding alternatives to the existing authentication process. Access levels through masquerade attacks depend on the level of authorization the penetrator attains. 4) Message Replay attack [61]-A replay attack can be organized in three steps-eavesdropping on the secure communication link between IoT devices or Gateway, Interception of the acknowledgments or connection establishment components, and fraudulent misdirection or delays through the replay of the message. It affects the normal working of the devices in the network, making them implement functions that they are not supposed to, or the result is directed in the way an attacker wants them to. It is easier to implement as, after packet seizing, further steps do not need advanced skills for message decryption because the entire message can be replayed to gain access to the server. 5) Port Scanning-Port scanning has the following components-SYN requests, target port, source, firewall, packets, open nodes, and listening nodes [62]. The commonly used method is SYN scans, which involve establishing a partial connection to the host node present on the target port by transmitting an SYN packet for the host system's initial response evaluation.
Case 1 when the request packet is not scrutinized properly by firewall policies, then an SYN/ACK packet is transmitted from the host. Case 2 otherwise, an RST packet is sent by the host if the port is closed.

Security solutions
The latest IoT security solutions are more directed towards software-centric security methods [63] than conventional security, which was tool-centric. Authentication, trust, and integrity of the communication channel among IoT devices are the critical security parameters pertaining to which modern solutions are addressed. Though still at the current level, IoT lacks in supporting high-powered devices and is not compatible enough for coping up with increasing heterogeneous entities.

Comparative analysis of IoT protocols
Protocol analysis is shown in Table 4. Integrating IoT with other future budding technology like SDN for better scalability, node management, security policy, and reliability poses new security challenges to IoT. As depicted in Table 4, the protocols reviewed are low on energy consumption, but the security issue varies on different parameters. Of course, these protocols' performance factor has improved, but that has exposed the weak loopholes in the rules flows.
CoAP protocol supports the DTLS security mechanism and has spontaneous support in the form of IPSec. The transient phase remains secure in this, but the load based attacks like a botnet and DDoS attacks remain the security issues [64,65].
MQTT protocol provides Transport layer-based security support or the Secured Socket security layer for safe transient phases. Issues arise in malicious node subscription attacks and, again, the botnet attacks [62].
EnOcean [66] secures the nodes in their environment by providing a unique rolling code key encryption technique.
Cons are problems in the synchronization of codes and the privacy of the key used.
SigFOX [9] gives security support via several security solutions like tough firewall, hardware security module, public key infrastructure, and on-the-go security dispatching security solution, which proves beneficial for the dynamic IoT setup environment. It is a Virtual Security paradigm. Issues lie in weak Payload encryption. In terms of energy consumption, almost every novel protocol has low energy consumption values, which is a promising feature as it will perform better in a high-density network and thus enhance network performance.

Comparative analysis of IoT security models
As discussed earlier in Sect. 2, security models have proposed a unique plethora of securing IoT environments. A comparative analysis is done to determine their effectiveness in satisfying the IoT network's basic security requirements, as depicted in Table 5. In this analysis, we investigate the parameters of the technique used and the security requirements satisfied by each one of them. Security requirements adjudged here are the basic Confidentiality (C), Integrity (I), and Availability (A) and Trust management (T) among nodes and Authenticity (Ay). The dual authentication model proposed by Xin Zhang and Fengtong Wen [30] excels in satisfying authentication and trust security requirements via the usage of UDS and USD WSN authentication models but lacks in CIA requirements, which exposes it to botnet attacks and DDoS attacks, sniffing attacks, and tracking.
Security solution proffered by Mohammad Dahman Alshehri and Farookh Khadeer Hussain [31] satisfies CT security requirements. Still, it has weak immunity towards A, I, Ay sans security exploitations like Relay attacks, Man in the Middle Attacks, DDoS, and viruses.
Security methods implied by Priyanka et al. [13], Munkenyi Mukhandi et al. [5], and Pooja Shree Singh and Vineet Khanna [32] have security provisions for Integrity security requirements, but the model proposed by Munkenyi Mukhandi et al. [5] having additional provisions for authenticity in Industrial IoT environment robotic setups where encryption mechanisms are integrated using MQTT protocols. Priyanka et al. [13] has proposed strong cryptographic securing methods to avert the Integrity based attacks. Security solution proffered by Pooja Shree Singh and Vineet Khanna [32] implies MFCC security coefficients to ensure the confidentiality and integrity security requirements. In Hongsong Chen et al. [33] proffered model, availability and trust security requirements are satisfied by Hilbert-Huang transformation but are exploitable in C, I, and Ay security parameters.

Result and discussion
The result derived from the aforementioned comparative analysis states that protocol-based security solutions cover up most of the IoT attack surfaces. Protocols like COAP and DDS protocols provide effective immunity against the prominent attack like DDoS attack and botnet attacks through secured means applied over Data Link and Transport layers. Novice methods are derived in the case of SigFOX and EnOcean novel protocols that avert new threat issues like unsynchronous code definition and weak payload encryption threats through a unique encryption method. MQTT and BLE, the lightweight protocols, have also emerged to provide an effective solution against the threats relative to malicious node and Man in the middle attacks. To avert the modifications brought in the IoT devices through physical attacks, there is a provision of Physically Unclonable Function [67] protocols that are imbibed in the specially designed PUF chip mounted on the IoT devices. Its unique authentication mechanism based on the PUFs makes it a formidable option against threats borne out of physical attacks. Similarly, based on these protocols and standards, the comparative analysis is projected for the security models. Security models depict the novel usage of encryption methods, machine learning methods [68], blockchain [69], and socket programming to ensure the confidentiality, integrity, authenticity, availability, and trust-based security requirements in the IoT environment. Divisive security management proves to be beneficial for easier management of the security methods, A multi-level data encryption method ✓ ✓ [24] Mathematical evaluation method ✓ ✓ [20] Block chain-based authentication method ✓ [26] Cryptographic based data encryption method ✓ ✓ [27] Socket programming ✓ ✓ ✓ as well as enhances the effectiveness in most of the proffered solutions.

Conclusion
This work highlighted the recent security trends in the IoT network domain by surveying the newly proffered models, protocols, and encryption methods implied in securing the IoT network. Our research findings on security risks in IoT emphasize the extension of the attack surface of the IoT threats and vulnerabilities in protocol-based and data-based attacks, which conveys the fact that conventional means are no longer as efficient as they were earlier against dynamic attacks prevalent in heterogeneous IoT environments like malicious node, DDoS attack, and botnet attacks. Investigations of contemporary research models show that majority of security solutions are sought through the implication of alternative forms of encryption methods, which have proved to be effective in securing communication channel attack surfaces in IoT and promoting lower energy consumption in the process. Integration of technologies like machine learning, artificial intelligence-based fuzzy logic methods, elliptical cryptographic functions, and blockchain has assisted in firming the security of the IoT networks. On the negative side, it has increased the complexity factor of the entire system. Because of the high level of abstraction of such complex solutions, the transparency in the intent of security provisions has decreased. In this work, efforts have been made to address the evolution of existing communication technologies, protocols, and internationally accepted worldwide standards, relentless efforts that have been (and are being) made by the scientific researchers globally in antecedent discussed topics. Still, there is always a scope of exploration.
Author contributions Rachit has done the major work under the supervision of-SB and PRR.
Code availability Not applicable.

Compliance with ethical standards
Conflict of interest The authors declare that they have no conflict of interest.

Availability of data and material Not applicable.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creat iveco mmons .org/licen ses/by/4.0/.