A Survey on Security of IOT

May 24, 2021

Contents
Abstract…………………………………………………..……………………………………4

1.0 Introduction…………………………………..……………………………………………5

1.1 General Overview ...................................................................................................5

1.2 Background Information .........................................................................................6

2.0 Problem Statement ...............................................................................................................7

2.1 Research Purpose.....................................................................................................7

2.2 Research Motivation ...............................................................................................7

2.3 Research Questions .................................................................................................7

2.4 Research Significance..............................................................................................8

 2.5 Operational Definitions............................................................................................8

2.6 Hypotheses................................................................................................................8

2.7 Limitations of the Scope............................................................................................8

3.0 Literature Review................................................................................................................9

3.1 IOT Architecture and Security Architecture…..…….............................................9

3.2 IOT Security Features ..….…………………………….………………………...12

3.3 The Security Problems of IOT……………………………………………………13

4.0 Conclusion .........................................................................................................................19

5.0 References ..........................................................................................................................19

List of Tables
1. IOT Architecture and Security Architecture……..……………………….………..……..11

2. IOT Security Features ………….………………………….………………………………13

3. The Security Problems of IOT ……………………………………….………….………..15

List of Figures
1. Architecture and Requirements of IOT …..………………………………………...……..14

2
Abstract

Internet of Things (IoT) is an increasingly popular technology that enables physical devices,
vehicles, home appliances to communicate and even interoperate with each other, it has been
widely used in the industrial productions and social applications including smart home, healthcare,
and industrial automation systems. This survey defines the concept of IoT, Discussing the security
and privacy of four IoT features including the threats they cause and the challenges, and illustrate
the development trend of IoT.

Within this research study, the most important researches on security issues, challenges in IoT
system environment, technologies used to overcome these security concerns, characteristics of the
IoT systems, and on IoT security architecture have been summarized.

3
1.0 Introduction

1.1 General Overview

Internet and its applications have become an integral part of today's human lifestyle, it has become
an essential tool in every aspect (Sharma et al. 2019). They also elaborated that, "the Internet of
Things (IoT) concepts were proposed years back but still in the initial stage of commercial
deployment". Human beings' quest for making comfortable life is due to their curiosity about the
technical arena (Sharma et al. 2019). Zhou, W. et al. (2019) discussed the same concept in another
method when they stated that, " Internet of Things (IoT) is an increasingly popular technology that
enables physical devices, vehicles, home appliances, etc., to communicate and even inter operate
4
with one another". Growing interest in the Internet of Things (IoT) and the rapid development of
wearable devices enhanced the development of ubiquitous computing with services aimed to
making our lives more convenient. From Zhao, K. and Ge, L. (2013) point of view, the Internet of
Things (IoT) represents different information sensing devices and technologies such as sensors,
GPSs (Global Position Systems), infrared sensors, and laser scanners.

The Internet of Things provides high-level connectivity of devices and systems due to the growth in
all aspects like wireless networks (Ye & Qian 2017). The Internet of Things devices is being
deployed in many applications that concern humanity in many parts of our lives like offices,
buildings, cities, and so on (Tejasvi Alladi 2017). A recent concept called the Internet of Things
assumes that all items connect to the internet over tools with a telecommunication system. The
increasing range of the Internet of Things (IoT) is necessary to work together for more high-quality
performance (Sharma et al. 2019). In the IoT, "they need to provide good services to humans in all
aspects" (Sharma et al. 2019). So, We are increasingly in a connected World (Julia Rauscher 2018).
According to the industry 4.0 standards, the industrial Internet of Things (IoT) constitutes an
enormous sense of sensing, computing, communication, networking, and storage technologies,
representing a core subset of industry 4.0 systems plethora (Rehman et al. 2018). The Information
and Communications Technology (ICT) systems have deployed significantly in different areas
because their platforms provide faster information exchange, reduce cost and increase productivity.
The Internet of Things has Appeared as an area of incredible impact, potential, and growth with
Ciscio Inc (Sharma et al. 2019). Over the last few years, (IoT) is distributed as a new technology
globally. The infrastructure of (IoT ) had deployed to modify the model of communication between
devices and humans to exchange a vast amount of information (Sharma et al. 2019). Today is the
era of the Internet of Things, the last deployment in hardware and information technology have
accelerated billions of interconnected, intelligent, and adaptive devices in critical infrastructures
like health, transportation, environmental control, and home automation. Things are a well-known
paradigm that defines a dynamic environment of interrelated computing devices with different
seamless connectivity and data transfer. IoT is one of the most revolutionary technologies in
modern wireless communication (Boursianis et al. 2020). The Internet of Things-centric concepts
like augmented reality, high-resolution video streaming, self-driven cars, innovative environment,
E-health care have a presence anywhere (Shafique et al. 2020).

5
1.2 Background Information

The internet of thing is a collection of connected physical devices that exchange data about
themselves and their environment and may act. To understand IoT security issues, firstly need to
examine the components of the IoT, the information network (the original network and the global

6
network, and interoperability between them). The ecosystem has five main parts: IOT devices,
coordinator, sensor bridge, IOT services, and controller.

IoT device : the IoT device consists of sensors and actors, communication interface, operating
system , system software, preloaded application, and lightweight services, the primary
responsibility of anything innovative is to collect contextual information using sensors and perform
actions using agents, Coordinator A coordinator device works in the intelligent stuff manager, one
device works under one coordinator, the central role of the coordinator is to monitor health and
activities, also sends an aggregated report of their actions and events to the IoT service provider,
sensor bridge Also called multi-protocol device /IOT gateway its works as a hub between the local
network and IoT cloud services, also works as a bridge between asymmetric local IoT networks
(Rwan Mahmoud 2015). IoT services and controller Typically, IoT services are hosted on the
cloud, So that users can access IoT objects anytime and anywhere; significant tasks include the IoT
process automation, device management, decision making, controller IoT devices are controlled
using controllers, For example, the user may use a mobile phone to issue an order for smart home
devices or remotely (Hossain et al. 2015).

7
2.0 Problem Statement:

The issue of Internet of Things security The work of many researchers in this field, and they
presented some proposed solutions and techniques to protect the security and integrity of the entire
Internet of Things ecosystem, including IoT devices and the Internet of Things architecture, in
addition to some of the challenges that you have faced, and it is also a topic that we discussed in
this paper:

2.1 Research Purpose.

The security and safety of the Internet of things is one of the most critical issues that affect the
world of information technology at the present time, because the Internet of things has emerged as a
field of influence and capabilities and has witnessed a fantastic growth as a technology in the world
with the aim of accelerating the exchange of information between humans and devices, as the
Internet of things has great potential to change the way Our goal in conducting this research is to
develop and provide security for the Internet of Things , it is an significant part of the Internet of
Things due to the impact of the security issues of the Internet of Things on increasing the scope of
application of its system (Zhao & Ge [1]) , so overcoming the security concerns in the Internet of
Things will further expand The scope of the Internet of Things, and any issue related to security and
privacy can lead to a integral loss in terms of money and reputation, however many problems
related to security can arise in the IoT environment if it is not handled correctly.

2.2 Research Motivation.

8
 What motivates us to do this survey is that we intend to provide detailed information about the
risks and challenges in the IOT security architecture. We studied the most important solutions that
had a great impact in this area. Also, many issues that are considered in relation to the safety of the
Internet of things including privacy and security restrictions such as memory constraints and access
level security requirements. Therefore, we addressed IoT safety concerns by referring to the
considerations and guidelines in this area.

2.3 Research Questions.

The following research questions focus on identifying and clarifying the mean objectives in our
study and point precisely what we intend.

1. How can we overcome the security restrictions in the Internet of things environment?

2. How can we examine the challenges and effects of each research on the topic?

3. How can we represent how each research ensured the development of IOT security?

4. How to show that the security of the Internet of Things architecture affects the expansion of

the Internet of things, or not?

2.4 Research Significance.

By doing this survey, we expect to provide detailed information about the challenges and
impacts to IOT security. We intend to show critical problems in the IoT system related to IoT
security issues, such as technical problems or strategic problems.

Also, anyone interested in the subject who reads this survey will gain a clear insight into the
essential important techniques and methods used to ensure the security of the Internet of Things, the
features of the Internet of Things and the architecture of the Internet of Things.

2.5 Operational Definitions.

In this proposed survey, we will present the most critical technologies that make significant
contributions to ensuring the safety and security of the Internet of Things; however we intend to
explain the challenges and impacts of these technologies by providing part of detailed information
about their effect on the security of the Internet of Things. Therefore, there are no variables and
measures used to conduct this survey.

2.6 Hypotheses.

In this study, we assume that all the technologies used to ensure the safety of the Internet of
things are correct and make significant contributions to examine them and see their advantages and
disadvantages, you will be able to identify them correctly, although it is difficult to find a perfect
mechanism to provide ideal security in an IoT environment due to their nature (Habib et al. [2]).

2.7 Limitations of the scope.

9
 Some of the issues that are related to the safety and security of the Internet of things (e.g.,
privacy loss) require additional investigations. Therefore, the proposed researches did not provide
detailed information about them. However, we will point out these issues for future studies (Sharma
et al. [3]).

3.0 Literature Review:

3.1 IOT architecture and security architecture

The IOT, known as the Internet of Objects, refers to a wireless network between objects ,
usually the network is wireless and self-configuring , the engineering and construction of things
play a essential role in the safety of things when they are connected to the public network as the
IOT provides services by clicking different platform devices , however, IOT carries risks as well as
increased security problems due to the significant increase in the number of devices connected in
the IOT network , in 2016:

Alfaqih [4] in this research, a study of devices architecture and the Internet of things was
discussed, and the protection, security and privacy requirements that must be met while using IOT
technology, the security requirements of the Internet of Things were implemented by several
methods. The results showed that the IoT security architecture is divided into four levels, while the
IoT architecture is divided into three layers; as shown in the following figure:

Security Architecture Security Architecture

Personalized information Authentication and key

Application Layer 10
agement
 Network Security
service Agreement Privacy
protection
Intelligent transportation

Environmental monitoring

Cloud Computing Secure multiparty

Intelligent computing Secure cloud computing ,

and

Anti-Virus

Internet mobile Identity authentication

communication
Anti-ddos
Satellite nets, network
infrastructure Encryption mechanism

Communication security

RFID Lightweight encryption

technology
Sensor
Protecting sensor data
GPS
Key agreement

Figure 1: Architecture and Requirements of IOT

In this research, Stergiou et al. [5] proposed a scheme that combines the features of the
Internet of Things with the features of video surveillance, to improve the use of IoT technology
more effectively, where the video surveillance systems transfer the video data to the cloud server
and then to the network server that is recorded by two types of Cameras (a high-quality surveillance
camera and a simple, high-quality surveillance camera) and sensors, then this proposed work was
compared with other related works based on some features, including the connectivity and safety
feature, to provide a high-quality and secure communication structure.

Ye and Qian [6] proposed an advanced IoT security architecture that can protect (NoTs) but
are independent of (NoTs) because it can logically separate ( NoTs) from the internet, presented in
this paper by a mechanism that securely combines cryptography with a single network-based hop.
IoT security architecture consisting of the auditing module and two security controllers, as the

11
auditing module is composed of an independent intrusion detection system to detect any threats
exposed by the (Not) network cluster , to provide the (NoTs) with security regardless of their
encoding capacity.

Alharam and El-Madany [7] tried to reduce the complexity of cybersecurity architecture and
then apply it in the IoT-based healthcare industry to protect it from repeated cyber attacks targeting
health care devices in the IoT by optimizing these devices using Xilinx tools such as improving the
implementation of AES algorithm. This was done by implementing a design the byte substitutions
function in four different buildings using the s-box, to reduce the complexity of the devices and
improve them to suit the application of health care, this paper compares the resources consumed for
the different buildings as the results showed that the IP core architecture has more advantages over
other facilities.

Sridhar and Smys [8] proposed a security framework to protect IoT devices from software and
network attacks depending on the implementation of Lattice-based cryptography, to secure the
devices using lightweight asymmetric encryption and the End-To-End devices, in this research, the
proposed model has been implemented by symmetric encryption where the nodes used to transmit
messages share the session key and any authentication error this message is immediately ignored..
The proposed routing protocol was also used to establish a key pair to establish authentication
between services and devices using the AES algorithm. The authentication process takes place in
the gateway.

Rauscher and Bauer, n.d. [9] developed the Internet of Things architecture in health care to
maintain the privacy of medical data and health care sensors. In this paper, a framework for
analyzing an Internet of things architecture that aims to explore weaknesses in IOT MD architecture
was developed where a unified model was developed to unify the safety and security structures of
IoT to determine Architectural weaknesses with the help of the Eclipse Modeling Framework
(EMA) in three stages: First, applying architectural analyzes using the Architecture Analysis
Configuration Language (AACL), then defining the analyzes that have been conducted and
visualizing them to reveal weaknesses and finally the evaluation process is done to fix or prevent
these defects.

Rathore et al. [10] Proposed blockchain-based decentralized security architecture, known as

(SDN) , Fog and Edge computing technologies in the IOT ecosystem with the aim to detect
mitigating attacks more efficiently, (SDN) is used for continuous monitoring and analysis of traffic
data in IOT, and the adapter that supports (SDN) can assist in data collection and analysis to

12
provide a faster response to early detection of attacks resulting in reduced storage requirements and
less access time , all fog nodes and cloud servers share data using Blockchain technology the
performance of the proposed decentralized architecture was subjected to an experimental
evaluation, the results showed that it outperformed both the distributed and central architecture in
terms of detection time and accuracy.

Reference Method Dataset Advantages Disadvantages Results

Stergiou et al. Cameras and Video data. The proposed Difficulty Obtain a high-
[5]. sensors. model is detecting events quality and
flexible and in noisy secure
more effective environments. communications
(ideal). infrastructure.

Ye and Qian [6]. The auditing Network The proposed The security They were
module and two Threats IoT security protection Providing
security (NoTs). architecture is provided by the security for
controllers. modularly SDN controller is NoTs regardless
designed. limited. of their
encryption
capacity.

Alharam and Xilinx tools Byte . Efficiency of ------------- Reducing

the AES devices
El-Madany [7]. algorithm. complexity

Sridhar and The light Codes and The proposed Asymmetric Protect IoT
Asymmetric ciphers. security encryption devices from
Smys [8] Cryptography/Latti architecture systems do not the Quantum
ce-based reduces provide real Attacks.
cryptography. bandwidth security due to
consumption their high cost.
and improves
IoT
performance.

Rauscher and The Eclipse Data Repair and ------------ Providing safety
Modeling prevent and security for
Bauer, n.d. [9] Framework/AACL weaknesses in medical devices
language. the architecture connected to
of the IOT. IOT.

Rathore et al. SDN Attacks in IOT Early Detection Blockchain Minimize IOT
of Attacks in technology attacks with
[10] Blockchain the IOT. supports fewer storage
decentralized restrictions and
solutions without cheaper
13
 Fog traffic data trust. accounts.

Table 1: IOT Architecture and Security Architecture

3.2 IOT Security Features

with the development of critical technologies on the internet of thing, In 2019 there appears to be
a consensus that the impact of IoT technology is significant and growing; this section will explain
four features of IoT from four aspects (description, threat, challenges, solutions, and opportunities)
as shown on fig and summarized on table 1(Zhou et al. 2019.

Figure 2. IoT Features

A) Interdependence
Description:
With the development of IoT devices, interactions between devices have become more complex.
There is no need for human participation; IoT devices no longer communicate clearly, like
traditional computers or smartphones (Zhou et al. 2019).

Threat:

14
 The target device or system itself may not be easily compromised. Still, attackers can easily
change the behaviors of other devices or the surrounding environment, which correlated with the
target device, shown in figuer1(Zhou et al. 2019).

Figure 3: Attack Example of Interdependence behaviors

Challenges :

The majority of researchers are unaware of the effect of interconnectedness behaviors on IoT
security; It is challenging to set a clear defensive limit for IoT devices or apply fixed and consistent
methods of controlling access and managing privileges for their interconnected behaviors (Zhou et
al. 2019).

Solution and opportunities :

A set of new security policies for instruction behavior detect an anomaly, Context-based
permission, which is a new context-based permission system for IoT platform to solve the over-
privileged problem, its score and compare more context information, such as procedure control
flow, data source, and runtime data for each (Zhou et al. 2019).
B) Diversity

Description :

To better accommodate different applications scenario, heterogeneous IoT devices are designed
for other specific tasks and interact strongly with the various physical environment. Hence, their
hardware, system, and process requirement are unique, different application scenario also needs
different communication protocols, even within the same application such as smart home, foreign
15
IT companies use additional wireless access authentication and communication protocols for their
platforms, the phenomenon represented by the emergence of many different types of IoT devices
and protocols in the current IoT market, refer to its diversity of the IoT (Zhou et al. 2019).

Threats :

Because there are many types of new IOT devices with insufficient safety checks in advance, Ali
mobile security team found more than 90% of IoT device firmware has security vulnerabilities like
hardcoded key and common web security vulnerabilities which attackers could easily use because
of the lack of practical security experience for the new IoT functionality such as IoT device
bootstrapping, new protocols usually contain many potential security issues, it is found the attacker
can exploit much vulnerability of joy link protocol weaknesses such as insufficient device
authentication shown in figure 2(Zhou et al. 2019).

Figure 4 Device Hijacking Attack Example of Joy link protocols (Wei Zhou ).

Challenges:
Regarding the system security point, due to the diversity of IoT devices, it is challenging design it
is difficult to create legal system defense for heterogeneous devices, especially in the industry;
hence, how many security vulnerabilities are detected and dealt with between different IoT devices
should be as well, so researcher needs to discover critical public security issues for them, the
researchers must consider not only the security issue of a single protocol but also potential security
risks associated with the different protocols(Zhou et al. 2019).

16
Solutions and opportunities:

To discover and address the potential vulnerabilities for more IOT devices ,researcher
performed static or dynamic analysis on the device firmware and source ,In 2014 introduced a
frame work to support dynamic security analysis of a variety of framework for embedded systems,
However it cannot simulate all the actions of real devices and you need to redirect the step from the
emulator to the device by physical connection, so it is not suitable for large scale automated
firmware analysis , presented framework for automated dynamic analysis of framework at scale ,but
it only applies to the Linux based system , dynamic framework analysis simulation framework for
real time operating system (RTOS) and bare metal system nearly empty other researchers rely on
IDS and IPS to protect different types of devices on the same network ,however the attack differ
from one to another according to the different target devices, Thus some, researchers have indicated
that the IDS and IPS systems models based on anomalous traffic detection may not work well when
the network contains many different types of devices, they suggested that IDS and IPS system
should take on abnormal parameters that effects the detection of device behaviors as a primary task,
The most suitable and effective IDS and IPS system for heterogeneous IOT devices is still in need
of further study(Zhou et al. 2019).

D) Constrained

Many IoT devices, especially industrial sensors and implantable medical devices are lightweight
and compact with little cost and physical conditions. Thus, it has less computing capacity and
storage resources than traditional computers or mobile phones. In addition, many militaries,
industrial and agricultural devices must operate for a long time in environments where charging is
not available, so they also have strict energy requirements (Zhou et al. 2019).

Threats:

Due to the limiting feature, most IoT devices do not deploy the necessary system and network
defense; for example, lightweight IoT devices do not have a memory management unit (MMU), so
memory isolation addresses space planning randomization (ASLR). Other memory integrity
measures cannot be applied to these devices; most complex encryption and authentication algorithm
such as public encryption cannot also be implemented on such devices because they occupy too

17
many computing resources and cause long delays, which seriously affects the regular operation and
reduces the performance of the restricted IoT devices, so that it is easy for attackers to use memory
vulnerabilities to penetrate these devices. Also, many IoT devices communicate with the server
without any encryption or use SSL encryption without checking the server's certificate (Zhou et al.
2019).

Challenges:

Achieving proper system protection using fewer system software and resources on lightweight
IoT devices is a huge challenge for researchers. This system protection must satisfy the time and
energy constraints in practical application conditions. Also, it is difficult for researchers to deploy
complex encryption and authentication algorithms with less latency and computing resources on
small IoT devices (Zhou et al. 2019).

Solutions and opportunities:

Enhancing system security for restricted IoT devices ,previous studies focus on designing
system security mechanisms for lightweight devices , but most of them are still unable to meet
security and application requirement, ARM or can be used to isolate a light programmatic bug to
protect necessary application code running on small integrated processors , but it has caused an
increase in high performance for some programs that need to verify the address multiple times such
as searching for the string , so that does not apply to IoT devices in real-time , Koeberl it provided
a set of reliable computing functions for lightweight devices such as certification and trusted
execution , However its implementation should change the current hardware architecture of the
MCU . so it is cannot be applied directly to existing IoT devices, other system defense such as
EPOXY and MINION have recently been suggested better to deal with the aforementioned
challenges ,but must be specially configured based on static analysis of each firework or source
code prior to use which adds to the burden developers , To protect the network security of restricted
IoT devices, most cryptography researchers reduce resources consumption by designing new
lightweight algorithms, improving the original encryption algorithms; however, it is difficult for
lightweight algorithms to achieve the same level of security as classic algorithms; some researcher
is trying new methods to meet this challenge; the researchers proposed both an authentication and
key generation algorithm based on the (PUF), which uses the device unique physical architecture to
identify itself, This method not only saves vital storage space and simplifies robust generation
18
algorithm, but also can effectively resist side-channel analysis, other researchers have attempted to
use users unique biological characteristics such as walking and usage habits, that some IoT devices
have collected to improve authentication algorithms, it can provide storage and user authentication
and device at the same time, the stability and accuracy of these new methods still need to be
improved(Zhou et al. 2019) .

E) Mobile

Description:

Various IoT devices such as wearable devices and smart cars are used in the mobile
environment; these portable IoT devices usually move from one network environment to another
and communicate with many new unknown devices, for example, when a user drives an intelligent
car from one area to another, the vehicle can automatically collect road information for
foundational highway facilities in the new area (Zhou et al. 2019).

Threats:

As IOT portable devices usually join more networks, attackers tend to inject malicious code into
portable IoT devices to speed up their spread; At the same time, mobile devices need to
communicate with many new devices in the network, so their attack surface will be a limit, these
issues will only get worse in IOT social devices, IOT social devices will hold more sensitive
information and automatically track users who join many different social networks(Zhou et al.
2019).

Challenges:

To address potential threats, the primary security challenges are identification and trust across
domains; for example, when a mobile device moves from one field to another, how does the new
environment verify that device, and what kind of permissions should be granted? When data
transferred using IOT portable devices travels from one network to another, the key is negotiated;
Data confidentiality, safety protection, and other essential security issues need careful attention
(Zhou et al. 2019)

19
Solutions and opportunities:

Try to reduce the possibility of mobile IoT devices being attacked in different networks
dynamically changing the security configuration of devices, according to other trust conditions;
however, this method cannot address the root of the problems, there are a few appropriate access
control policies for IoT devices that have been suggested(Zhou et al. 2019).

Feature Threats Challenges Solution

Interdependence Over privilege and Access control and Context-based
Bypassing static privilege management permission
defense
Diversity Insecure Protocol Fragmented Dynamic analysis
simulation platform,
IDS
Constrained Insecure System Lightweight defends Combining biological
and Protocol and physical
characteristics
Mobile Malware Propagation Cross-domain Dynamic
identification and configuration
trust
Table 1 Summary of IoT Features

20
3.3 The Security Problems of IOT

Typically, security goals of Confidentiality, Integrity, and Availability (CIA) Also apply to IoT;
however, the IoT has many restrictions and limitations (Rwan Mahmoud 2015).

IoT Security Challenges :

Privacy

Privacy means that information about individuals must be protected and should not be exposed
without explicit consent under any circumstances (Seliem et al. 2018). In IoT, It is necessary to
meet privacy requirements due to the ubiquity of intelligent things and the risk of technology
misuse by legitimate and illegal users (Riahi Sfar et al. 2018). The important thing is to save
privacy in IoT; this section will describe two categories of IoT challenges: data collection policy
and data anonymization (Zhou et al. 2019). The information about user behavior while serving the
Internet is gathered to enrich the user experience on the internet and define user preferences (Zhou
et al. 2019).The main aim is to provide the best services to use that meet users' needs. So that, The
amount of information is unlimited to internet browsing behavior, Information about users daily
routine is also gather(Zhou et al. 2019) .Data collection policy describes the policy during data
collection where imposes the type of collectible data and the access control of a" thing" to the data
(Zhou et al. 2019).The second challenge is data anonymization to ensure data anonymity;
cryptographic protection and concealment of data relations are desirable, like lightweight
cryptographic schemas (Zhou et al. 2019).

To overcome the privacy challenges and related security issues summarized as follow (Mohamed
Selim):

Data anonymizing and denaturing solutions:

1) Data brokers and separation algorithms to offer flexibility to service providers yet respect user
predefined access rules.

2) Generalization to mask personal data

3) frameworks that provide emotion analytics lifecycle to allow denaturing

21
Security Constraints

A) Limitation based on hardware

1) Memory Constraint :

IoT devices are built on a limited RAM and Flash Memory compared to the traditional digital
system like pc and laptop. They use a Real-Time Operating System (RTOS) or a lightweight
version of the General-Purpose Operating System (GPOS) (Hossain et al. 2015). Due to the
limitation on memory size, the security schemas should be memory efficient. However, traditional
security algorithms are not explicitly designed considering memory efficiency. The conventional
digital system uses big RAM and a hard drive, so there is not enough memory after booting up the
operating system and system software (Maziar Fotouhi).

B) Limitation based on software

Software Vulnerability and Backdoor Analysis in IoT

In addition to the authentication and authorization problems, software vulnerability plays a vital
role in comparing traditional pc, industry, and system architecture, like the machines, In the
heterogeneous IoT diversified and dedicated device platform (Zhang et al. 2014).

TO overcome and eliminate backdoors: Dynamic analysis is a practical approach to the discovery
of vulnerabilities before product release; because the resource constraint, the dynamic analysis may
be inefficient to deploy in an IoT device due to the emulation process is challenging to avoid, so the
semantic gap between actual device and emulated system, So that dynamic analysis technique is the
promising solution (Zhang et al. 2014)

2) Access level security requirement:

Confidentiality is essential to ensure that the data is secure and only available to authorized users,
In IOT a user can be human, machines and services and internal objects (devices that are part of the
network ), Authentication: Authentication enables IoT devices to ensure the identity of the peer
with which it communicates, Also that requirement to ensure that valid users get access to the IoT
devices and networks for administrative tasks (Rwan Mahmoud 2015).The authorization ensures
that only the authorized devices and users access the resources(Hossain et al. 2015).

22
Access control: access control is the act of ensuring that an authenticated IOT node accesses only
what it is authorized to and nothing else (Hossain et al. 2015). The researcher suggests and
introduces an encryption method based on XOR operations to implement a lightweight
cryptography protocol; this Protocol is demonstrated and can establish the mutual authentication
procedure in a typical RFID system for IoT applications (Hossain et al. 2015) .

To overcome the access level security and requirements summarizing as follow (Mohamed Selim):

1) lightweight authentication and fundamental establishment mechanisms

2) frameworks based on device fingerprint techniques

3) context-aware access control models and enforcing mechanisms

Reference Method Dataset Advantage Disadvantage Result

Zhi-Kai -IPv4/IPv6 Sensitive data Address discuss the Opportunities

Zhang ongoing vulnerabilities for wearable
challenges and yet solved devices
research
opportunities in
IoT

Mohamed Cryptography Us Energy proposed ----------------- privacy-

Seliem) : Information solutions to preserving is a
communication
Administration rising shared
security
privacy responsibility
(EIA)
SDN concerns from a in which all
multipoint of parties much
view to identify actively engage
the risks and and cooperate
mitigations to provide safe
IoT
environments
yet enjoy
Ragib Hasan). analyzes domains present a ---------------- present an
existing detailed overview of the
research analysis of IoT Internet of
problems and attack surfaces, Things,
challenges threat models, illustrate a

23
 security issues, systematic
requirements, analysis of the
forensics, and critical security
challenges problems and
mitigation
strategies

Wei Zhou Statistical number of illustrate the ---------------- illustrate the

Analysis papers in development developing
different trend of recent trend of IoT
application IoT security security
scenario per
year, number of
separate threat
tags in different
application
scenarios

Rowan different access IOT attention to the No solution is essential to

Mahmoud, scenario IoT devices new IOT given except for incorporate
application ( SCADA ,web application to encryption in new
cameras , trafic prevent the the perception networking
contorls and potential threat layer protocols like
printers )
IPv6 and 5G to
achieve the
dynamic
mashup of IoT
topology

IOT Security Features and Security Problems of IOT

4.0 Conclusion

The Internet of Things has proven that it has a high ability to change the World. Quality of
business performance has become better that any time before with less effort. For example, people
can issue orders through smart devices while they are doing their jobs. However, the big real
problem that faces us in the field of Internet security is the privacy as the major concern of the user
24
is his/her personal data which can be revealed. Within this research, the researchers focus on the
privacy problems and threats that might happen such as identifying the user's identity and/or
accessing the user's data browser, as well as discussing the features of IoT and what are the gaps in
its performance. The researchers tried to find solutions for these gaps, but these solutions might not
completely solve the problem because there is a conflict between protecting the user privacy and
data access accuracy policy to provide better and high-quality services to the user, the structure of
IoT was also discussed.

Within this research study, the most important researches on security issues, challenges in IoT
system environment, technologies used to overcome these security concerns, characteristics of the
IoT systems, and on IoT security architecture have been summarized

Many researchers have been researching the topic of the security and safety of the Internet of things
in our project we summarize the most critical researches on security issues and challenges in the
environment of the IoT system and some of the techniques used to overcome these security
concerns and the features of the Internet of Things system and the security architecture of the
Internet of Things.

5.0 References

[1] Zhao, K., & Ge, L. (2013, December). A survey on the internet of things security. In 2013 Ninth
international conference on computational intelligence and security (pp. 663-667). IEEE.

[2] ur Rehman, M. H., Ahmed, E., Yaqoob, I., Hashem, I. A. T., Imran, M., & Ahmad, S. (2018). Big data
analytics in industrial IoT using a concentric computing model. IEEE Communications Magazine, 56(2), 37-
43.

[3] Sharma, P. K., Ryu, J. H., Park, K. Y., Park, J. H., & Park, J. H. (2018). Li-Fi based on security cloud
framework for future IT environment. Human-centric Computing and Information Sciences, 8(1), 1-13.

[4] Alfaqih, T. M., & Al-Muhtadi, J. (2016). Internet of Things security based on devices
architecture. International Journal of Computer Applications, 975, 8887.

[5] Stergiou, C., Psannis, K. E., Plageras, A. P., Kokkonis, G., & Ishibashi, Y. (2017, June). Architecture for
security monitoring in IoT environments. In 2017 IEEE 26th international symposium on industrial electronics
(ISIE) (pp. 1382-1385). IEEE.

[6] Ye, F., & Qian, Y. (2017, December). A security architecture for networked internet of things devices.
In GLOBECOM 2017-2017 IEEE Global Communications Conference (pp. 1-6). IEEE.

[7] Alharam, A. K., & El-madany, W. (2017, August). Complexity of cyber security architecture for IoT
healthcare industry: a comparative study. In 2017 5th international conference on future internet of things
and cloud workshops (FiCloudW) (pp. 246-250). IEEE.

25
[8] Sridhar, S., & Smys, S. (2017, January). Intelligent security framework for iot devices cryptography
based end-to-end security architecture. In 2017 International Conference on Inventive Systems and Control
(ICISC) (pp. 1-5). IEEE.

[9] Rauscher, J., & Bauer, B. (2018, September). Safety and security architecture analyses framework for
the internet of things of medical devices. In 2018 IEEE 20th international conference on e-health networking,
applications and services (Healthcom) (pp. 1-3). IEEE.

[10] Rathore, S., Kwon, B. W., & Park, J. H. (2019). BlockSecIoTNet: Blockchain-based decentralized
security architecture for IoT network. Journal of Network and Computer Applications, 143, 167-177.

Boursianis, AD, Papadopoulou, MS, Diamantoulakis, P, Lipa-Tsakalidi, A, Barouchas, P, Salahas, G,

Karagiannidis, G, Wan, S & Goudas, SK 2020, 'Internet of Things (IoT) and Agricultural
Unmanned Aerial Vehicles (UAVs) in smart farming: A comprehensive review', Internet of
Things.

Hossain, MM, Fotouhi, M & Hasan, R 2015, 'Towards an Analysis of Security Issues, Challenges,
and Open Problems in the Internet of Things', paper presented to 2015 IEEE World Congress
on Services.

Julia Rauscher, BB 2018, 'Safety and Security Architecture Analyses Framework for the Internet of
Things ofMedical Device', Software Methodologies for Distributed Systems, p. 3.

Riahi Sfar, A, Natalizio, E, Challal, Y & Chtourou, Z 2018, 'A roadmap for security challenges in the
Internet of Things', Digital Communications and Networks, vol. 4, no. 2, pp. 118-37.

Rwan Mahmoud, TY, Fadi Aloul, Imran Zualkernan 2015, 'Internet of Things (IoT) Security: Current
Status, Challenges and Prospective Measures', The 10th International Conference for Internet
Technology and Secured Transactions (ICITST-2015), pp. 336-41.

Seliem, M, Elgazzar, K & Khalil, K 2018, 'Towards Privacy Preserving IoT Environments: A Survey',
Wireless Communications and Mobile Computing, vol. 2018, pp. 1-15.

Shafique, K, Khawaja, BA, Sabir, F, Qazi, S & Mustaqim, M 2020, 'Internet of Things (IoT) for Next-
Generation Smart Systems: A Review of Current Challenges, Future Trends and Prospects for
Emerging 5G-IoT Scenarios', IEEE Access, vol. 8, pp. 23022-40.

Tejasvi Alladi, VC, Biplab Sikdar and Kim-Kwang Raymond Choo 2017, 'Consumer IoT: Security
Vulnerability Case Studies and Solutions', Ph.D. degree, vol. Ph.D. degree, p. 6.

26
Zhang, Z-K, Cho, MCY, Wang, C-W, Hsu, C-W, Chen, C-K & Shieh, S 2014, 'IoT Security: Ongoing
Challenges and Research Opportunities', paper presented to 2014 IEEE 7th International
Conference on Service-Oriented Computing and Applications.

Zhao, K. and Ge, L., 2013, December. A survey on the internet of things security. In 2013 Ninth
international conference on computational intelligence and security (pp. 663-667). IEEE.

Zhou, W, Jia, Y, Peng, A, Zhang, Y & Liu, P 2019, 'The Effect of IoT New Features on Security and
Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved', IEEE Internet of
Things Journal, vol. 6, no. 2, pp. 1606-16.

27