Professional Documents
Culture Documents
PII: S2666-285X(21)00012-1
DOI: https://doi.org/10.1016/j.gltp.2021.01.012
Reference: GLTP 17
Please cite this article as: Jyoti Neeli , Shamshekhar Patil , Insight to Security Paradigm , Re-
search Trend & Statistics in Internet of Things(IoT), Global Transitions Proceedings (2021), doi:
https://doi.org/10.1016/j.gltp.2021.01.012
This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition
of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of
record. This version will undergo additional copyediting, typesetting and review before it is published
in its final form, but we are providing this version to give early visibility of the article. Please note that,
during the production process, errors may be discovered which could affect the content, and all legal
disclaimers that apply to the journal pertain.
Abstract
The technology named Internet of Things (IoT) extends the ability for the man kind and computers to control billions of connectivity
entities such as actuators, sensors, and other services. Realizing IoT as a system would permit integration of the cyber-world in an
uninterrupted aspect to the distributive environment and will centrally make changes and authorize the human interaction to the outside world.
This paper surveys on the major issues of concerns in IoT regarding security and privacy facing few enormous challenges. To accommodate
the most promising technology, we briefly review the existing techniques analyzing the features of security architecture helpful in controlling
the perquisites for it. Conventional measures of security countermeasures cannot be directly implied to the heterogeneous technology of IoT as
there are number of standards and stacks for communication presumed.
Introduction
The terminology, IoT is related to objects, things and almost represented internet structures which are exclusively identifiable
were first presented in the year 1998. Recent years have shown, that the concept of IoT has become particularly famous via
distinctive applications. The four significant components pertained in a system enabling IoT are sensors, access for unrelated
information, services and requests and additional parts like privacy and security [1]. The physical objects are equipped with the
Radio-Frequency Identification(RFID) as tagged identification or as smart sensors identifiable bar-codes. Smart services can be
designed in the IoT devices as a combination of sensors [2].
The real-world organization of IoT technique is in the growth of multiple platforms serving as new programs and technologies
involving process, device identification, monitoring actuating, sensing, communicating, sensing the computations, processing the
semantic knowledge, distributing the coordinated control and user modelling. Many limitations in the IoT subsystems are energy,
lifetime, power, cost effectiveness. Security of IoT is of critical importance as the scope of spreading malicious attacks can be
widely spread world and would be actuated to the physical world from the service of the internet [3]. Technologies of “Wireless
Sensor Networks, RFID, machine-to-machine interface (M2M)” and services accomplished via a cloud computing assist as
necessary structural blocks for IoT to achieve the preferred application operation [4]. The infrastructure of IoT is very susceptible
to security issues and also addresses significant privacy problems for the user end interface. With this, the IoT owning progressive
dimensions in the area of information exchange is guarded from the security view of perception and suitable steps need to be
originated to confirm that its development is an active process having a full acceptance overall [5]. Automatic confirmation of the
object presence is improved by processing the image, storage capabilities and different display methods, availability of sensors and
the reducing hardware cost would be the groundwork for the new era possible by IoT. The interpretability of the perception
embedded collaboration that would seamlessly unite phenomena into everyday artifacts. It needs sensing in integrated perspective,
actuation, and standard networking objectives [6]. Smart connectivity is enabled in IoT with the growing presence of 4G-LTE
wireless internet access and Wi-Fi, the revolution in the network of communication and information is evident. The embedded
intelligence has to be implied beyond everyday scenarios of mobile computing that utilizes portables and smart devices from the
environment [7].
This paper discusses the survey on the security issues in the IoT realization. The article is categorized as: Section II
discusses the background of the IoT with the illustration of its origin and the numerous issues faced by it. The existing
methodologies giving a solution to the issues and proposed in the various fields are discussed in section III. The survey of IoT
appearing as an emerging technology is shown in section IV. Section V shows the statistical study of IoT security challenges.
Open research issue is discussed in Section VI. Finally, the conclusion is presented in Section VII respectively.
Role of Security and privacy framework in IoT
The name Internet of things was not publicly until the year 1999. At the end of the year 2013, it had evolved into a system
integrating various technologies, including the ones ranging from the Internet to communicate in the wireless field and from
MEMS to embedded systems. IoT can be discovered to increase the application providing capacity in multiple domains such as
control systems, global positioning system, wireless sensor networks and automation.
WSN IPV6
MEMS No. of Devices
No. of
Devices
6 IEEE
LOWPAN 802.15.4
Personal Low Cost
Networks Communication
IPSEC LR-WPAN
IoT
The wireless connectivity and novel techniques of digital identification like RFID got an impact of IoT on our daily lives. Due
to the improvements in wireless sensor networks, and little energy, limited resource device has initiated more types of equipment
that are internet connectable. To provide more addresses and unite multiple networks in the IoT environment IPv6 and IEEE
The above Figure 2 explains a common architectural view of IoT emerging as an application of RFID and wireless sensor
networks; it effectively fulfils the modern day demands of a smart city, home or transportation mechanism for improved
interoperability among devices.
Here the following concerns are led by conferring the number of security problems in IoT. As the focus on the study of real
time extensive data, IoT is verified as an evolving technology. The immense amount of data is transmitted to the DCNs; their
fundamental structures should be able to withstand the IoT data real-time processing necessities. Few open challenges and
problems are given as below:
Network Scalability: The conventional data center has three-tier topology more often to accommodate the networks from
larger data centers. The architecture consists of three layers: access, core and aggregation layers. As the growth in the
complexity and size of the network increases, it leads to scalability challenges [9]. The scalability issues arise when
furthermore IoT data streams remain to flow into the warehouses. As it is one of the key essentiality to examine the IoT real
time data, it can be solved by the approach of modular data centers.
Network Delay: In the present time analytics, the data flow between the switches and servers cause a delay in the system.
Also, the delay occurs when the data is in the process of being accessed from the database. The tiered architecture of the data
centers is the primary reason for a delay [10].
Spectral Efficiency Limitation: The huge data creates another issue for competent delivery of data in case of real-time
analytics. To avoid this, available range of frequencies in the network is to be utilized. The wireless network should have the
potential of taking charge of the controlling deadlines in an analysis of real-time scenario and the data flows. Spectral
efficiency as a challenge will be effective if the network is not performing the required task.
Fault Tolerance in the Network: The operation of an IoT system continues even when a failure occurs for few of its
components. Therefore, IoT data needs a system to detect and resist the along with reporting a solution for the same.
Network Agility—applying the concept of agility in network analytics, IoT can be met with the demand for scattered sensors
shared over a large pool, giving real-time services. At the availability of spare abilities in the network, congestion and
computation hotspots have higher priorities. The communication among the different paths of the networks is constrained
[11].
IoT
Challenges
Fault
Network Network Spectral Network
Tolerance
Security Agility Limitation Delay
of Network
Privacy and
Security
Challenges
Authenticatio Data
n Protection
Privacy Trust
Detection of Access
Rogue Node Control
Intrusion Other
Detection Challenges
The principal issues of concern include: user authentication, insecure interface, insecure code practices, personal data privacy
concerns and limited encryption at the transport layer
The hardware interpretation is very less for IoT devices, making it vulnerable for spoofing as encryption algorithm is not
implemented [13].
Service
VO Layer CVO Layer Application
Layer
Physical and
Sub-
Communication Translati
Coordination tasking
layer on
Service
Discovery Analyzer
Optimization Service
Generation
The three layers in the architecture are virtual object layer, the composite virtual object layer, and service layer (VOL),
(CVOL), (SL). These layers execute the task of creation and management of services, object virtualization and execution and
service composition. Every layer in the architecture has the inbuilt set of cognitive functions to provide automation intelligence in
IoT. Grouping of all the three layers with their key features contributing to the structure are stacked and called as IoT Daemon.
The DIAT is compared with existing efforts which are proved to explore the potentiality of the challenges technically and key
features of IoT [14].
Sensors such as
Temperature,
Intelligent
Server
Accelerometer ,
BSN
In the above model of IoT for a health care system, three necessary components used are Body Sensor Networks server
(BSN), Local Processing Unit (LPU) and the smart objects that are wearable (bio-sensors). The data to be employed is taken by
the user adopting the edge device for it. The data which is collected is transmitted to the LPU and later on to the BSN server for
the purpose of analyzing the data with a provision for user-oriented service. The system identifies and satisfies the needs of the
user independently and have a higher efficiency. The body bio-sensors and LPU helps to execute the registrations for the BSN
server in prior. Once the registration is attained, the credentials such as security have to be shared and accumulated in the
bio-sensors, BSN server, and the LPU. To meet the goal of entity authentication, a path for secure communication and data
integrity are assured through the feature of system's interface. Furthermore, to estimate the feasibility a platform of Raspberry Pi
model is built in the implementation. To improvise the system throughput, the replacement of the crypto-hash modules by the
conventional SHA-2 method is accomplished [15].
Figure 6 shows the four modules of Easy Connect, the creation, configuration and management module which steadily
divides the characteristics of the IoT devices, balances the functions for automatically configuring the connectivity of the ODFs
and IDFs, preserves all the essential information in the Database module, i.e., SQL database. The module of Execution and
communication is subdivided into two modules called communication sub module dealing the interactions of the lower layer M2M
device. IoT objects are having a connection with Open MTC physically and clearly shares resources with one another and through
EC in network applications. The sub module Execution is responsible for the requests in the network connected in ODFs and IDFs.
The graphical user interface gives comprehensible interface for the faster organization of the communications and connections in
the devices of IoT. The operation of the preferred task is attained by the graphical user interface that takes the data to be processed
from the user to apply the HTTP based REST APIs to start up device functions. Employing the signals from the UNIX operating
system, the CCM instructs to execute interaction among ODFs and linked IDFs in the IoT devices having the option of preset. The
characteristics of the adopted methodology are used to generate the device feature modules which are created with fewer
difficulties coding the design in the scripting language python. Since in this language the execution is permitted without any
compilation the ease of implementation is added to system design [16].
Mobile Device
IoT Device DA
IDA
DAI DAG
Issues majorly
Increased
governing IoT security
2% 2% threats
6% Data privacy
7%
Identity and
37% access
9%
management
9% Attacks against
connected
28% devices
Compilance
requirement
Therefore, from the existing models been presented in the above surveys and pictorial representation shown in figure 8, the
maximum percentage of affecting factor for IoT is found to be increasing threats in the security that deals the authentication and
authorization aspects, data privacy i.e., the capability of the system to safely encrypt the data at the transmitter side and retrieve
the original information at the receiver section whereas the rest of the factors show a less percentage effect on the IoT
mechanism.
Conference
593 371
Publications
Journals &
127 80
Magazines
Early Access
24 22
Articles
Books and
11 0
e-Books
Document Type
The statistics of the security issues of IoT tuned in Springer is depicted in figure 10 and obtained data is shown in Table 2.
10,237
2,284 43 117 8 114
20,000
0
Books Journals Series
Document Type
Figure 10 Plot depicting Statistics in Springer
The statistics of the coverage, connectivity, and wireless sensor networks are tuned in Elsevier as in figure 11 and
obtained data is shown in Table 3.
Book 47 84
Journals 504 398
Web
623 1,250
pages
from Elsevier
Privacy interest of IoT Security interest of IoT
Document Type
Entity recognition: The major issue to identify an entity is to guarantee the employment of record used integrity in the
naming of architecture. Even after the domain name system gives the opportunity of the name translating services to the
users of internet, it happens to be proved as a naming method which is insecure. It is very likely to be exposed to attacks
such as poisoning attack of domain name system cache, middle-man attack. Thus an entirely new service for naming is
highly desirable.
Android Security limitations: The connection of a heterogeneous device with the android system forms a personal area
network, henceforth pulling the security issues of android system into the IoT. The main matter that arises here is the
leakage of sensitive data. The current mechanism provides the protection only for management in course-grain, i.e.,
choice of all-or-nothing, to limit the number of devices being connected and the runtime control disability. More
amount ensured access must be given in case of complicated environments and applications for real-time scenarios.
Malicious Programs affecting IoT network: Due to targeted malware in the network of IoT, the limited resource of the
associated devices are affected to greater extent. Traditional mechanism working against the task of the malware are
infeasible which are witched from the common x86 to platform of IoT. Presently all the solutions are inapplicable as
they operate as ad-hoc.
Security Protocols and Light weighted cryptographic systems: Multiple security features are acquired from the
cryptosystem dealing with the public-key when compared to that of symmetric-key. They are more desirable if the
requirement of authenticity and data integrity is created. The effective measure that could reduce the computational
overhead and the model of complex security protocol remains to be a major issue in the aspect of IoT security.
Privacy: The two main subdivisions in which the IoT issue of privacy can be categorised are anonymization and
collection data streams. During the phase of data collection, the data collection policy restricts the amount and type of
data to be gathered. The desire of cryptography system protection and relational concealment of the data is generated to
fulfil the necessity of the data anonymization issue. Homomorphic encryption style may be used for the research work
trying to find appropriate solution towards the above problem of privacy.
Software System Susceptibility: Present security research domain has one section of its focus on software system
susceptibility. In the stage of development of a software piece, the programming bugs produced cannot be avoided. The
bugs resulting in security incidents are software vulnerabilities. A number of backdoor problems are faced by the system
due to the system vulnerabilities. A vulnerable device can be easily manipulated by deploying it with it backdoor. IoT
devices which have limited resources, the fair amount of antivirus is not supported in the network.
VII. CONCLUSION
The entire world can be considered as an enormous network of devices having the ability to communicate with each other.
The IoT refers to the persistent environment of computing wherein sensors and actuators are made to work with the Internet. In
the implementation, security challenges of the methods and collaborated techniques play a major role. The paper, discusses the
background, challenges concerning open, privacy, security aspects. Further, the existing techniques for the employment of IoT in
various disciplines are highlighted. The paper conclusion emphasizes on the different works implemented in the IoT and
associated domains and the open research issues on which the further proposed work can be implemented.
References
[1] H. Suo, J. Wan, C. Zou and J. Liu, "Security in the Internet of Things: A Review," International Conference on Computer Science and Electronics
Engineering, Hangzhou, pp. 648-651, 2012
[2] R. Khan, S. U. Khan, R. Zaheer and S. Khan, "Future Internet: The Internet of Things Architecture, Possible Applications and Key Challenges," 10th
International Conference on Frontiers of Information Technology, Islamabad, pp. 257-260, 2012
[3] T. Xu, J. B. Wendt and M. Potkonjak, "Security of IoT systems: Design challenges and opportunities," 2014 IEEE/ACM International Conference on
Computer-Aided Design (ICCAD), San Jose, CA, pp. 417-423, 2014
[4] R. Roman, J. Zhou, and J. Lopez, "On the features and challenges of security and privacy in distributed internet of things", Computer Networks 57.10,
pp.2266-2279, 2013
[5] T. Borgohain, U. Kumar, and S. Sanyal, "Survey of security and privacy issues of Internet of Things", arXiv preprint arXiv:1501.02211, 2015
[6] M. Kranz, P. Holleis, and A. Schmidt, “Embedded interaction: Interacting with the internet of things”, IEEE internet computing, vol. 14.2, pp.46-53, 2010
[7] J. Gubbi, “Internet of Things (IoT): A vision, architectural elements, and future directions”, Future generation computer systems, vol. 29.7, pp.1645-1660,
2013
[8] V. Adat and B. B. Gupta, "Security in Internet of Things: issues, challenges, taxonomy, and architecture", Telecommunication Systems, pp.1-19, 2017
[9] Pavithra, G. S., and N. V. Babu. "Energy efficient hierarchical clustering using HACOPSO in wireless sensor networks." International Journal of Innovative
Technology and Exploring Engineering 8, no. 12 (2019).
[10] Kumar, M. Keerthi, B. D. Parameshachari, S. Prabu, and Silvia liberata Ullo. "Comparative Analysis to Identify Efficient Technique for Interfacing BCI
System." In IOP Conference Series: Materials Science and Engineering, vol. 925, no. 1, p. 012062. IOP Publishing, 2020.
[11] S. Verma, “A Survey on Network Methodologies for Real-Time Analytics of Massive IoT Data and Open Research Issues", IEEE Communications Surveys
& Tutorials , 2017
[12] A. Alrawais, "Fog Computing for the Internet of Things: Security and Privacy Issues", IEEE Internet Computing, vol. 21 (2), pp. 34-42, 2017
[13] A.K. Pathak, “Security Challenges in Internet of Things (IoT)”, International Journals of Advanced Research in Computer Science and Software Engineering
, 2017
[14] C. Sarkar, “DIAT: A scalable distributed architecture for IoT”, IEEE Internet of Things journal, vol. 2(3), pp.230-239, 2015
[15] K-H. Yeh, “A Secure IoT-Based Healthcare System with Body Sensor Networks”, IEEE Access, vol. 4, pp.10288-10299, 2016
[16] Y-B. Lin, “EasyConnect: A management system for IoT devices and its applications for interactive design and art”, IEEE Internet of Things Journal, vol.
2(6), pp.551-561, 2015
[17] Y. Shi, “An Obfuscatable Aggregatable Signcryption Scheme for Unattended Devices in IoT Systems”, IEEE Internet of Things Journal, 2017
[18] A. Sajid, H. Abbas, and K. Saleem, “Cloud-assisted IoT-based SCADA systems security: A review of the state of the art and future challenges”, IEEE
Access, vol. 4, pp.1375-1384, 2016
[19] R. Arshad, “Green IoT: An Investigation on Energy Saving Practices for 2020 and Beyond”, IEEE Access, 2017
[20] M. Yasin, “Ultra-Low Power, Secure IoT Platform for Predicting Cardiovascular Diseases”, IEEE Transactions on Circuits and Systems I: Regular Papers,
2017
[21] F. Conti, Francesco, “An IoT Endpoint System-on-Chip for Secure and Energy-Efficient Near-Sensor Analytics”, IEEE Transactions on Circuits and
Systems I: Regular Papers, 2017
[22] S-M. Cheng, “Traffic-aware Patching for Cyber Security in Mobile IoT”, arXiv preprint arXiv: 1703.05400, 2017
[23] S. Koteshwara and A. Das, “Comparative study of Authenticated Encryption targeting lightweight IoT applications”, IEEE Design & Test, 2017
[24] S. Kubler, “Open IoT Ecosystem for Sporting Event Management”, IEEE Access, vol. 5, pp.7064-7079, 2017
[25] D. Kwon, “IoT-based prognostics and systems health management for industrial applications”, IEEE Access, vol. 4, pp.3659-3670, 2016
[26] C. Hennebert and J.D. Santos, “Security protocols and privacy issues into 6LoWPAN stack: a synthesis”, IEEE Internet of Things Journal, vol.1(5), pp. 384,
2014.
[25]Arun Biradar,Shamshekhar S Patil “Secure Communication Between Sensors in IoT”, International Journal of Computing, Communications and
Networking, Computing, Communications and Network, volume 7,No.4, October-December 2018 ,pp.336-340.