Abstract
Although the Internet of Things (IoT) is a hybrid platform of overlay networks such as the internet, cloud computing, fog, or edge, many security solutions for these networks cannot be used directly on the resource-constrained devices of the IoT; hence the need for new security solutions. Security is one of the most important problems for IoT technologies, applications, and platforms. It is not an issue that can be treated independently: security has to be designed and built into each layer of an IoT solution (from the device layer to the application layer). IoT security is not only about securing the network and data; it extends to attacks that can target human health or life. In this chapter, we discuss the security challenges of the IoT. First, we discuss some basic concepts of security and security requirements in the context of IoT. Then, we consider fundamental security issues in the IoT and thereafter highlight the security issues that need immediate attention.
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Jabraeil Jamali, M.A., Bahrami, B., Heidari, A., Allahverdizadeh, P., Norouzi, F. (2020). IoT Security. In: Towards the Internet of Things. EAI/Springer Innovations in Communication and Computing. Springer, Cham. https://doi.org/10.1007/978-3-030-18468-1_3
DOI: https://doi.org/10.1007/978-3-030-18468-1_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-18467-4
Online ISBN: 978-3-030-18468-1
eBook Packages: Engineering, Engineering (R0)