0% found this document useful (0 votes)

198 views24 pages

A Survey On Iot Security: Application Areas, Security Threats, and Solution Architectures

This document provides a survey of Internet of Things (IoT) security, including application areas, security threats, and solution architectures. It discusses how IoT expands the attack surface due to various factors like resource-constrained devices and heterogeneous technologies. The document also summarizes the four key layers in an IoT ecosystem and provides an overview of challenges in securing cyber-physical systems.

Uploaded by

Manojkumar Kothandapani

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

198 views24 pages

A Survey On Iot Security: Application Areas, Security Threats, and Solution Architectures

Uploaded by

Manojkumar Kothandapani

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 24

This article has been accepted for publication in a future issue of this journal, but has not been

fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2924045, IEEE Access

Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000.
Digital Object Identifier xxx

A Survey on IoT Security: Application

Areas, Security Threats, and Solution
Architectures
VIKAS HASSIJA 1 , VINAY CHAMOLA2 , VIKAS SAXENA 1 , DIVYANSH JAIN 1 , PRANAV
GOYAL 1 and BIPLAB SIKDAR3
1
Department of CSE and IT, Jaypee Institute of Information Technology, Noida, 201309 India (e-mail: {vikas.hassija, vikas.saxena}@jiit.ac.in), (e-mail:
{divyansh.bjain,pranav.goyal1297}@gmail.com)
2
Department of EEE, Birla Institute of Technology & Science (BITS), Pilani, Rajasthan 333031 India (e-mail: [email protected])
3
Department of Electrical and Computer Engineering, National University of Singapore, 117583 Singapore (e-mail: [email protected])
Corresponding author:Vinay Chamola(e-mail: [email protected]).

ABSTRACT Internet of things (IoT) is the next era of communication. Using IoT, physical objects can
be empowered to create, receive and exchange data in a seamless manner. Various IoT applications focus
on automating different tasks and are trying to empower the inanimate physical objects to act without any
human intervention. The existing and upcoming IoT applications are highly promising to increase the level
of comfort, efficiency, and automation for the users. To be able to implement such a world in an ever
growing fashion requires high security, privacy, authentication, and recovery from attacks. In this regard, it
is imperative to make the required changes in the architecture of IoT applications for achieving end-to-end
secure IoT environments. In this paper, a detailed review of the security-related challenges and sources of
threat in IoT applications is presented. After discussing the security issues, various emerging and existing
technologies focused on achieving a high degree of trust in IoT applications are discussed. Four different
technologies: Blockchain, fog computing, edge computing, and machine learning to increase the level of
security in IoT are discussed.

INDEX TERMS IoT, IoT Security, Blockchain, Fog Computing, Edge Computing, Machine Learning, IoT
applications, Distributed Systems.

I. INTRODUCTION of IoT. In future, the devices are not only expected to be

connected to the Internet and other local devices but are also
HE pace of connecting physical devices around us to
T the Internet is increasing rapidly. According to a recent
Gartner report, there will be around 8.4 billion connected
expected to communicate with other devices on the Internet
directly. Apart from the devices or things being connected,
the concept of social IoT (SIoT) is also emerging. SIoT will
things worldwide in 2020. This number is expected to grow enable different social networking users to be connected to
to 20.4 billion by 2022 [1]. The use of IoT applications the devices and users can share the devices over the Internet
is increasing in all parts of the world. The major driving [4].
countries in this include western Europe, North America,
and China [1]. The number of machine to machine (M2M) With all this vast spectrum of IoT applications comes
connections is expected to grow from 5.6 billion in 2016 to the issue of security and privacy. Without a trusted and
27 billion in 2024 [1]. This leap in numbers itself declares interoperable IoT ecosystem, emerging IoT applications can-
IoT to be one of the major upcoming markets that could form not reach high demand and may lose all their potential.
a cornerstone of the expanding digital economy. The IoT Along with the security issues faced generally by the Inter-
industry is expected to grow in terms of revenue from $892 net, cellular networks, and WSNs, IoT also has its special
billion in 2018 to $4 trillion by 2025 [2]. M2M connections security challenges such as privacy issues, authentication
cover a broad range of applications like smart cities, smart issues, management issues, information storage and so on.
environment, smart grids, smart retail, smart farming, etc. Table 1 summarizes various factors due to which securing
[3]. Figure 1 shows the past, present and future architecture IoT environment is much more challenging than securing

VOLUME x, 2019 1

This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2924045, IEEE Access

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

FIGURE 1: Present and Future Architecture of IoT.

TABLE 1: Comparison of Security of IT devices and IoT devices.

Widespread IT Security IoT security

Widespread IT has devices which is resource rich IoT devices need to be carefully provisioned with security
measures
Widespread IT is based on resource rich devices IoT system are composed of devices having limitation in
terms of their software and hardware
For wide security and lower capabilities complex algorithm only lightweight algorithms are preferred
are implemented
Homogeneous technology is responsible for high security IoT with heterogeneous technology produce large amount
of heterogeneous data increasing the attack surface

normal information technology (IT) devices. Due to all these the physical changes. Since CPS encompass assets of crit-
issues and vulnerabilities, the IoT applications create a fertile ical importance (e.g., power grids, transportation systems),
ground for different kinds of cyber threats. There have been security vulnerabilities in such systems have serious conse-
various security and privacy attacks on the already deployed quences. However, security challenges for CPS have their
IoT applications worldwide. Mirai attack in the last quarter unique characteristics and are outside the scope of this paper.
of 2016 was estimated to infect around 2.5 million devices In any IoT ecosystem or environment, there are four im-
connected to the Internet and launch distributed denial of portant layers. The first layer includes the use of various
service (DDoS) attack [5]. After Mirai, Hajime and Reaper sensors and actuators to perceive the data or information
are the other big botnet attacks launched against a large to perform various functionalities. Based on that, in the
number of IoT devices [5]. IoT devices, being low powered second layer, a communication network is used to transmit
and less secure, provide a gateway to the adversaries for the collected data. Most of the evolving IoT applications
entering into home and corporate networks, thereby giving deploy the third layer, called a middleware layer, to act as
easy access to the user’s data. Also, the domain of IoT is a bridge between the network and application layer. Finally,
expanding beyond mere things or objects. There have been on the fourth layer, there are various IoT based end-to-end
various successful attempts to implant IoT devices into the applications like smart grids, smart transport, smart factories,
human body to monitor the live condition of various organs etc. All of these four layers have security problems specific
[6]. Attackers can target such devices to track the location of to them. Apart from these layers, various gateways connect
a particular individual or falsify data. Such an attack has not these layers and help in the data movement. There are certain
taken place yet in real life but can be highly dangerous, if security threats specific to these gateways as well.
such devices are compromised.
In this paper, a detailed survey of IoT security solutions in
Cyber Physical Systems (CPS) is another area benefitting the existing literature is presented. First of all, the fundamen-
from the growth of IoT. In CPS physical objects in the tal constraints to achieve high levels for security in IoT ap-
environment are monitored, and actions are taken based on plications are presented. The goal of this paper is to highlight
2 VOLUME x, 2019

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

the major existing and upcoming solutions for IoT security. 4. Review on the proposed countermeasures to the secu-
Specifically, the four major classes of IoT security solutions rity issues in IoT.
namely: (1) blockchain based solutions; (2) fog computing 5. An assessment of the open issues, challenges and
based solutions; (3) machine learning based solutions and future research directions for developing secure IoT
(4) edge computing based solutions are highlighted. Table 3 applications.
gives a list of acronyms related to IoT used in this paper.
B. ORGANIZATION
A. RELATED SURVEYS AND OUR CONTRIBUTIONS The organization of the rest of the paper is as follows: Section
There are various existing surveys on IoT security and pri- II describes various application areas of IoT where high
vacy issues. Yuchen et al. [10] have summarized various security is required. Section III discusses various sources of
security issues in IoT applications. Authors of [11] have dis- threats in an IoT environment. In section IV various con-
cussed the security issues specific to location-based services straints and requirements to be considered while developing
in IoT. The authors target the particular problems related to a secure IoT application are reviewed. Four major IoT se-
localization and positioning of the IoT devices. Anne et al. curity approaches, i.e., blockchain, fog computing, machine
in [12] focus mainly on the security issues related to IoT learning, and edge computing are presented in Section V,
middleware and provide a detailed survey of related existing VI, VII, and VIII, respectively. Section IX describes various
protocols and their security issues. M. Guizani et al. in [14] open issues, challenges and upcoming research opportunities
have surveyed various trust management techniques for IoT in IoT security and finally, Section X concludes the paper.
along with their pros and cons. Security mechanisms for
IoT security such as software defined networking (SDN) II. SECURITY CRITICAL APPLICATION AREAS OF IOT
and network function virtualization (NFV) are discussed Security is highly critical in almost all IoT applications that
in [13]. In [8] the authors have compared edge computing have already been deployed or are in the process of deploy-
with traditional cloud systems to secure IoT systems. Jie ment. The applications of IoT are increasing very rapidly
Lin et al. in [9] have discussed the relationship between and penetrating most of the existing industries. Although
IoT and fog computing. Some of the security issues related operators support these IoT applications through existing
to fog computing have also been discussed. Authors of [7] networking technologies, several of these applications need
have discussed vulnerabilities faced by IoT in brief. Table 2 more stringent security support from technologies they use.
summarizes the main contributions of the previous compre- In this section various security critical IoT applications are
hensive surveys on IoT security. Although there are several discussed.
works in this direction, they are specific to certain limited 1. Smart Cities: Smart cities involve extensive use of
aspects of IoT. This calls the need for a detailed survey emerging computation and communication resources
on all the existing and upcoming security challenges in IoT for increasing the overall quality of life of the people
applications. This paper will help the reader to get a detailed [15]. It includes smart homes, smart traffic manage-
idea of the state-of-the-art in IoT security and will give them ment, smart disaster management, smart utilities, etc.
a general understanding of the area. The main contributions There is a push to make cities smarter, and govern-
of this work are as follows: ments worldwide are encouraging their development
1. A classification of different IoT applications and spe- through various incentives [16]. Although the use of
cific security and privacy issues related to those appli- smart applications is intended to improve the overall
cations. quality of life of the citizens, it comes with a threat
2. A detailed explanation of different threat sources in to the privacy of the citizens. Smart card services tend
different layers of IoT. to put the card details and purchase behavior of the
3. Detailed and realistic recommendations to improve the citizens at risk. Smart mobility applications may leak
IoT infrastructure to facilitate secure communications. the location traces of the users. There are applications

TABLE 2: Related Surveys on IoT Security

Year Author Contributions
2016 Arsalan Mosenia et al., [7] A brief discussion of vulnerabilities faced by the edge side layer of IoT
2017 Yu wei et al., [8] Survey on using Edge Computing to secure IoT
2017 Jie Lin ea al., [9] Discussion on relationship between IoT and Fog Computing
2017 Y yang et al., [10] A brief discussion on most relevant limitations of IoT devices
2017 L chen , S. Thombre et al., [11] security issues specific to location-based services in IoT
2017 A H Ngu, V. Metsis et al., [12] Security issues related to the IoT middle ware
2018 I Farris, T Taleb et al., [13] Security mechanism for IoT security like SDN and NFB
2019 Ikram Ud din, M. Guizani et al,. [14] Trust Management Techniques for Internet of Things

VOLUME x, 2019 3

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

TABLE 3: List of Acronyms application is not able to predict the earthquake, then
Notation Meaning it will lead to the loss of both property and life. There-
ABSI Adaptive Binary Splitting Inspection fore, smart environment applications have to be highly
AMI Advanced Metering Infrastructure precise, and security breaches and data tampering must
AMQP Advanced Message Queuing Protocol be avoided.
APT Advanced Persistent Threat 3. Smart Metering and Smart Grids: Smart metering
CoAP Constrained Application Protocol includes applications related to various measurements,
DAC Distributed Autonomous Corporation monitoring, and management. The most common ap-
DAOs Decentalized Autonomous Organizations plication of smart metering is smart grids, where the
electricity consumption is measured and monitored.
DDoS Distributed denial of service
Smart metering may also be used to address the prob-
GPS Global Positioning System
lem of electricity theft [17]. Other applications of smart
HAN Home Area Network
metering include monitoring of water, oil and gas
IIoT Industrial Internet of Things
levels in storage tanks and cisterns. Smart meters are
IOE Internet of Everything
also used to monitor and optimize the performance of
IoT Internet of Things
solar energy plants by dynamically changing the angle
M2M Machine to Machine
of solar panels to harvest the maximum possible solar
MCC Mobile Cloud Computing energy. There also exist some IoT applications that use
MEC Mobile Edge Computing smart meters to measure the water pressure in water
MLP Multi-Layer Perceptron transport systems or to measure the weight of goods.
MQTT Message Queuing Telemetry Transport However, smart metering systems are vulnerable to
NFC Near Field Communication both physical and cyber-attacks as compared to analog
NFV Network Function Virtualization meters that can be tampered only by physical attacks.
P2P peer to peer Also, smart meters or advanced metering infrastruc-
QoS Quality of Service ture (AMI) are intended to perform functions beyond
RFID Radio Frequency Identification generic energy usage recording. In a smart home area
RSN RFID sensor Networks network (HAN) all electric equipment at home are con-
SDN Software-Defined Networking nected to smart meters and the information collected
SHA Secure Hash Algorithm from these equipments can be used for load and cost
SIoT Social Internet of Things management. Intentional intrusion in such communi-
SMQTT Secure Message Queue Telemetry Transport cation systems by the consumer or an adversary may
STD Security Trust and Decentralization modify the collected information, leading to monetary
WSN Wireless Sensor Networks loss for the service providers or consumers [18].
XMPP Extensible Messaging and Presence Protocol 4. Security and Emergencies: Security and emergencies
XSS cross-site scripting is another important area where various IoT applica-
tions are being deployed. It includes applications such
as allowing only authorized people in restricted areas
using which parents can keep track of their child. How- etc. Another application in this domain is the detection
ever, if such applications are hacked, then the safety of of leakage of hazardous gases in industrial areas or
the child can come to risk. areas around chemical factories. Radiation levels can
2. Smart Environment: Smart environment includes also be measured in the areas around nuclear power
various IoT applications such as fire detection in reactors or cellular base stations and alerts can be
forests, monitoring the level of snow in high alti- generated when the radiation level is high. There are
tude regions, preventing landslides, early detection of various buildings whose systems have sensitive data or
earthquakes, pollution monitoring, etc. All these IoT that house sensitive goods. Security applications can
applications are closely related to the life of human be deployed to protect sensitive data and goods. IoT
beings and animals in those areas. The government applications that detect various liquids can also be used
agencies involved in such fields will also be relying on to prevent corrosion and break downs in such sensitive
the information from these IoT applications. Security buildings. Security breaches in such applications can
breaches and vulnerability in any area related to such also have various serious consequences. For example,
IoT applications can have serious consequences. In this the criminals may try to enter the restricted areas by
context, both false negatives and false positives can attacking the vulnerabilities in such applications. Also,
lead to disastrous results for such IoT applications. For false radiation level alarms can have serious immediate
example, if the application starts detecting earthquakes and long term impacts. For example, if infants are
falsely, then it will lead to monetary losses for the exposed to high levels of radiation, then it may lead
government and businesses. On the other hand, if the to serious life threatening diseases in long term.
4 VOLUME x, 2019

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

5. Smart Retail: IoT applications are being extensively

used in the retail sector. Various applications have been
developed to monitor the storage conditions of the
goods as they move along the supply chain. IoT is also
being used to control the tracking of products in the
warehouses so that restocking can be done optimally.
Various intelligent shopping applications are also being
developed for assisting the customers based on their
preferences, habits, allergies to certain components,
etc. Mechanisms to provide the experience of online
shopping to offline retailers using augmented reality
techniques have also been developed. Various compa-
nies in retail have faced security issues in deploying
and using various IoT applications. Some of these com-
panies include Apple, Home Depot, JP Morgan Chase
and Sony [19]. Adversaries may try to compromise the
IoT applications associated with storage conditions of
the goods and may try to send wrong information about
the products to the users in order to increase the sale.
If security features are not implemented in smart retail,
attackers may steal debit and credit card information,
phone numbers, email-addresses, etc. of the customers
which can lead to monetary losses for the customers
and retailers.
6. Smart Agriculture and Animal Farming: Smart FIGURE 2: Layers in IoT System.
agriculture includes monitoring soil moisture, control-
ling micro-climate conditions, selective irrigation in
dry zones, and controlling humidity and temperature. increased rapidly after the deployment of various home
Usage of such advanced features in agriculture can help automation systems [20]. There have also been various
in achieving high yields and can save farmers from cases in the past where the adversaries try to analyze
monetary losses. Control of temperature and humidity the type and volume of Internet traffic to/from the smart
levels in various grain and vegetable production can home for judging the behavior and presence of the
help in preventing fungus and other microbial contam- residents.
inants. Controlling the climate conditions can also help
in increasing the vegetable and crop yield and quality. III. SOURCES OF SECURITY THREATS IN IOT
Just like crop monitoring, there are IoT applications to APPLICATIONS
monitor the activities and the health condition of farm As discussed in Section I, any IoT application can be divided
animals by attaching sensors to the animals. If such into four layers: (1) sensing layer; (2) network layer; (3) mid-
applications are compromised, then it may lead to the dleware layer; and (4) application layer. Each of these layers
theft of animals from the farm and adversaries may also in an IoT application uses diverse technologies that bring a
damage the crops. number of issues and security threats. Figure 2 shows various
7. Home Automation: Home automation is one of the technologies, devices, and applications at these four layers.
most widely used and deployed IoT applications. This This section discusses various possible security threats in
includes applications such as those for remotely con- IoT applications for these four layers. Figure 3 shows the
trolling electrical appliances to save energy, systems possible attacks on these four layers. The special security
deployed on windows and doors to detect intruders, etc. issues associated with the gateways that connect these layers
Monitoring systems are being applied to track energy are also discussed in this section.
and water supply consumption, and users are being ad-
vised to save cost and resources. Authors in [20] have A. SECURITY ISSUES AT SENSING LAYER
proposed the use of logic based security algorithms The sensing layer mainly deals with physical IoT sensors and
to enhance security level in homes. Intrusions are de- actuators. Sensors sense the physical phenomenon happening
tected by comparing the user actions at key locations around them [21]–[23]. Actuators, on the other hand, perform
of the home with normal behavior of the user in these a certain action on the physical environment, based on the
locations. However, attackers may gain unauthorized sensed data. There are various kinds of sensors for sens-
access of the IoT devices in the home and try to harm ing different kinds of data, e.g., ultrasonic sensors, camera
the users. For instance, cases of home burglaries have sensors, smoke detection sensors, temperature and humidity
VOLUME x, 2019 5

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

FIGURE 3: Types of Attacks on IoT.

sensors, etc. There can be mechanical, electrical, electronic power consumption, laser-based attacks, timing attacks
or chemical sensors used to sense the physical environment. or electromagnetic attacks. Modern chips take care of
Various sensing layer technologies are used in different IoT various countermeasures to prevent these side-channel
applications like RFID, GPS, WSNs, RSNs, etc. Major secu- attacks while implementing the cryptographic mod-
rity threats that can be encountered at the sensing layer are as ules.
follows: 5. Eavesdropping and Interference: IoT applications
1. Node Capturing: IoT applications comprise of sev- often consist of various nodes deployed in open envi-
eral low power nodes such as sensors and actuators. ronments [25]. As a result, such IoT applications are
These nodes are vulnerable to a variety of attacks by exposed to eavesdroppers. The attackers may eaves-
the adversaries. The attackers may try to capture or drop and capture the data during different phases like
replace the node in the IoT system with a malicious data transmission or authentication.
node. The new node may appear to be the part of 6. Sleep Deprivation Attacks: In such type of attacks the
the system but is controlled by the attacker. This may adversaries try to drain the battery of the low-powered
lead to compromising the security of the complete IoT IoT edge devices. This leads to a denial of service
application [24]. from the nodes in the IoT application due to a dead
2. Malicious Code Injection Attack: The attack in- battery. This can be done by running infinite loops in
volves the attacker injecting some malicious code in the edge devices using malicious code or by artificially
the memory of the node. Generally, the firmware or increasing the power consumption of the edge devices.
software of IoT nodes are upgraded on the air, and 7. Booting Attacks: The edge devices are vulnerable to
this gives a gateway to the attackers to inject malicious various attacks during the boot process. This is because
code. Using such malicious code, the attackers may the inbuilt security processes are not enabled at that
force the nodes to perform some unintended functions point. The attackers may take advantage of this vul-
or may even try to access the complete IoT system. nerability and try to attack the node devices when they
3. False Data Injection Attack: Once the node is cap- are being restarted. As edge devices are typically low
tured, the attacker may use it to inject erroneous data powered and at times go through sleep-wake cycles,
onto the IoT system. This may lead to false results and it is thus essential to secure the boot process in these
may result in malfunctioning of the IoT application. devices.
The attacker may also use this method to cause a DDoS
attack. B. SECURITY ISSUES AT NETWORK LAYER
4. Side-Channel Attacks (SCA): Apart from direct at- The key function of the network layer is transmitting the
tacks on the nodes, various side-channel attacks may information received from the sensing layer to the computa-
lead to leaking of sensitive data. The microarchitec- tional unit for processing. The major security issues that are
tures of processors, electromagnetic emanation and encountered at the network layer are as follows.
their power consumption reveal sensitive information 1. Phishing Site Attack: Phishing attacks often refer to
to adversaries. Side channel attacks may be based on attacks where several IoT devices can be targeted by a
6 VOLUME x, 2019

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

minimal effort put by the attacker. The attackers expect warm-hole between a compromised node and a device
that at least few of the devices will become a victim of on the internet and try to bypass the basic security
the attack. There is a possibility of encountering phish- protocols in an IoT application.
ing sites in the course of users visiting web pages on
the Internet. Once the user’s account and password are C. SECURITY ISSUES AT MIDDLEWARE LAYER
compromised, the whole IoT environment being used The role of the middleware in IoT is to create an abstraction
by the user becomes vulnerable to cyber attacks. The layer between the network layer and the application layer.
network layer in IoT is highly vulnerable to phishing Middleware can also provide powerful computing and stor-
sites attacks [26]. age capabilities [29]. This layer provides APIs to fulfill the
2. Access Attack: Access attack is also referred to as ad- demands of the application layer. Middleware layer includes
vanced persistent threat (APT). This is a type of attack brokers, persistent data stores, queuing systems, machine
in which an unauthorized person or an adversary gains learning, etc. Although the middleware layer is useful to
access to the IoT network. The attacker can continue provide a reliable and robust IoT application, it is also sus-
to stay in the network undetected for a long duration. ceptible to various attacks. These attacks can take control
The purpose or intention of this kind of attack is to of the entire IoT application by infecting the middleware.
steal valuable data or information, rather than to cause Database security and cloud security are other main security
damage to the network. IoT applications continuously challenges in the middleware layer. Various possible attacks
receive and transfer valuable data and are therefore in the middleware layer are discussed as follows.
highly vulnerable to such attacks [27]. 1. Man-in-the-Middle Attack: The MQTT protocol
3. DDoS/DoS Attack: In this kind of attacks, the attacker uses publish-subscribe model of communication be-
floods the target servers with a large number of un- tween clients and subscribers using the MQTT bro-
wanted requests. This incapacitates the target server, ker, which effectively acts as a proxy. This helps in
thereby disrupting services to genuine users. If there decoupling the publishing and the subscribing clients
are multiple sources used by the attacker to flood the from each other and messages can be sent without the
target server, then such an attack is termed as DDoS knowledge of the destination. If the attacker can con-
or distributed denial of service attack. Such attacks are trol the broker and become a man-in-the-middle, then
not specific to IoT applications, but due to the hetero- he/she can get complete control of all communication
geneity and complexity of IoT networks, the network without any knowledge of the clients.
layer of the IoT is prone to such attacks. Many IoT 2. SQL Injection Attack: MIddleware is also suscep-
devices in IoT applications are not strongly configured, tible to SQL Injection (SQLi) attacks. In such at-
and thus become easy gateways for attackers to launch tacks, attacker can embed malicious SQL statements
DDoS attacks on the target servers. The Mirai botnet in a program [30], [31]. Then, the attackers can obtain
attack as discussed in Section I used this vulnerability private data of any user and can even alter records
and blocked various servers by constantly propagating in the database [32]. Open Web Application Security
requests to the weakly configured IoT devices [28]. Project (OWASP) has listed SQLi as a top threat to web
4. Data Transit Attacks: IoT applications deal with a security in their OWASP top 10 2018 document [33].
lot of data storage and exchange. Data is valuable, and 3. Signature Wrapping Attack: In the web services
therefore it is always the target of hackers and other ad- used in the middleware, XML signatures are used [34].
versaries. Data that is stored in the local servers or the In a signature wrapping attack, the attacker breaks
cloud has a security risk, but the data that is in transit the signature algorithm and can execute opera-
or is moving from one location to another is even more tions or modify eavesdropped message by exploit-
vulnerable to cyber attacks. In IoT applications, there ing vulnerabilities in SOAP (Simple Object Access
is a lot of data movement between sensors, actuators, Protocol) [35].
cloud, etc. Different connection technologies are used 4. Cloud Malware Injection: In cloud malware injec-
in such data movements, and therefore IoT applications tion, the attacker can obtain control, inject malicious
are susceptible to data breaches. code or can inject a virtual machine into the cloud.
5. Routing Attacks: In such attacks, malicious nodes The attacker pretends to be a valid service by trying
in an IoT application may try to redirect the routing to create a virtual machine instance or a malicious
paths during data transit. Sinkhole attacks are a specific service module. In this way, the attacker can obtain
kind of routing attack in which an adversary advertises access to service requests of the victim’s service and
an artificial shortest routing path and attracts nodes to can capture sensitive data which can be modified as per
route traffic through it. A worm-hole attack is another the instance.
attack which can become serious security threat if 5. Flooding Attack in Cloud: This attack works almost
combined with other attacks such as sinkhole attacks. the same as DoS attack in the cloud and affects the
A warm-hole is an out of band connection between two quality of service (QoS). For depleting cloud resources,
nodes for fast packet transfer. An attacker can create a the attackers continuously send multiple requests to a
VOLUME x, 2019 7

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

service. These attacks can have a big impact on cloud applications. Many IoT applications also consist of a sub-
systems by increasing the load on the cloud servers. layer between the network layer and application layer, usu-
ally termed as an application support layer or middleware
D. SECURITY ISSUES AT GATEWAYS layer. The support layer supports various business services
Gateway is a broad layer that has an important role in con- and helps in intelligent resource allocation and computation.
necting multiple devices, people, things and cloud services. Major security issues encountered by the application layer
Gateways also help in providing hardware and software are discussed below.
solutions for IoT devices. Gateways are used for decrypting 1. Data Thefts: IoT applications deal with lot of critical
and encrypting IoT data and translating protocols for com- and private data. The data in transit is even more
munication between different layers [36]. IoT systems today vulnerable to attacks than data at rest, and in IoT
are heterogeneous including LoraWan, ZigBee, Z-Wave and applications, there is a lot of data movement. The users
TCP/IP stacks with many gateways in between. Some of the will be reluctant to register their private data on IoT
security challenges for IoT gateway are discussed below. applications if these applications are vulnerable to data
theft attacks. Data encryption, data isolation, user and
1. Secure On-boarding: When a new device or sensor is network authentication, privacy management, etc. are
installed in an IoT system, it is imperative to protect some of the techniques and protocols being used to
encryption keys. Gateways act as an intermediary be- secure IoT applications against data thefts.
tween the new devices and the managing services, and 2. Access Control Attacks: Access control is authoriza-
all the keys pass through the gateways. The gateways tion mechanism that allows only legitimate users or
are susceptible to man-in-the-middle attacks and eaves- processes to access the data or account. Access control
dropping to capture the encryption keys, especially attack is a critical attack in IoT applications because
during the on-boarding process. once the access is compromised, then the complete IoT
2. Extra Interfaces: Minimizing the attack surface is an application becomes vulnerable to attacks.
important strategy that needs to be kept in mind while 3. Service Interruption Attacks: These attacks are also
installing the IoT devices [37]. Only the necessary referred to as illegal interruption attacks or DDoS
interfaces and protocols should be implemented by attacks in existing literature. There have been various
an IoT gateway manufacturer. Some of the services instances of such attacks on IoT applications. Such
and functionalities should be restricted for end-users to attacks deprive legitimate users from using the services
avoid backdoor authentication or information breach. of IoT applications by artificially making the servers or
3. End-to-End Encryption: True end-to-end application network too busy to respond.
layer security is required to ensure the confidentiality 4. Malicious Code Injection Attacks: Attackers gener-
of the data [38]. The application should not let anyone ally go for the easiest or simplest method they can use
other than the unique recipient to decrypt the encrypted to break into a system or network. If the system is
messages. Although Zigbee and Zwave protocols sup- vulnerable to malicious scripts and misdirections due
port encryption, this is not end-to-end encryption, be- to insufficient code checks, then that would be the first
cause, in order to translate the information from one entry point that an attacker would choose. Generally,
protocol to another, the gateways are required to de- attackers use XSS (cross-site scripting) to inject some
crypt and re-encrypt the messages. This decryption at malicious script into an otherwise trusted website. A
the gateway level makes the data susceptible to data successful XSS attack can result in the hijacking of an
breaches. IoT account and can paralyze the IoT system.
4. Firmware updates: Most IoT devices are resource 5. Sniffing Attacks: The attackers may use sniffer appli-
constrained, and therefore they do not have an user cations to monitor the network traffic in IoT applica-
interface or the computation power to download and tions. This may allow the attacker to gain access to
install the firmware updates. Generally, gateways are confidential user data if there are not enough security
used to download and apply the firmware updates. protocols implemented to prevent it [39].
The current and new version of the firmware should 6. Reprogram Attacks: If the programming process is
be recorded, and validity of the signatures should be not protected, then the attackers can try to reprogram
checked for secure firmware updates. the IoT objects remotely. This may lead to the hijack-
ing of the IoT network [40].
E. SECURITY ISSUES AT APPLICATION LAYER
The application layer directly deals with and provides ser- IV. IMPROVEMENTS AND ENHANCEMENTS REQUIRED
vices to the end users. IoT applications like smart homes, FOR UPCOMING IOT APPLICATIONS
smart meters, smart cities, smart grids, etc. lie in this layer. Personal computers (PC) and smartphones have a number
This layer has specific security issues that are not present of security features built into them, e.g., firewalls, anti-
in other layers, such as data theft and privacy issues. The virus softwares, address space randomization, etc. These
security issues in this layer are also specific to different safety shields are, in general, missing in various IoT devices
8 VOLUME x, 2019

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

FIGURE 4: Research papers addressing IoT security using various security techniques.

that are already in the market. There are various security For example, imposing too many security checks and proto-
challenges that the IoT applications are facing currently. A cols in all data transactions in IoT applications may end up
well-defined framework and standard for an end-to-end IoT increasing the cost and latency of the application, thereby,
application is not yet available. An IoT application is not a making it unsuitable for the users.
standalone application, and it is an assembled product which A typical IoT application consists of a big chain of
includes work from many individuals and industries. At every connected devices, technologies, domains, and geographies.
layer starting from sensing to the application, several diverse Even if one of the device or technology or their combination
products and technologies are being used. These include a is left weak, then that may be the cause of a security threat
large number of sensors and actuators at the edge nodes. for the entire application. The chain is considered to be as
There are multiple communication standards like cellular strong as the weakest link. There has been a large increase
network, WiFi, IEEE 802.15.4, Insteon, dash7, Bluetooth, in the number of weak links in IoT applications recently. For
etc. A handshake mechanism is required between all these example, even basic IoT applications such as smart bulbs and
standards. Apart from this, various connectivity technologies smart door locks can be used as a weak link in a smart home
are being used at different levels in the same IoT application IoT application to extract the user’s WiFi password [41] and
like Zigbee, 6LOWPAN, wireless HART, Z-Wave, ISA100, [42].
Bluetooth, NFC, RFID, etc. Over and above this, the generic The large number of IoT devices being deployed around
HTTP protocol cannot be used in the application layer. HTTP the world to make it smart generates a large amount of en-
is not suitable for resource-constrained environments because vironment and user-related data. A lot of private information
it is heavy-weight and thus incurs a large parsing overhead. can be inferred from this data, and that can be another cause
Therefore, at the application layer also there are many alter- of threat for an individual and society at large [7]. As a result,
nate protocols that have been deployed for IoT environments. significant improvements and enhancements in the current
Some of them are MQTT, SMQTT, CoAP, XMPP, AMQP, IoT application structure and framework are required to make
M3DA, JavascriptIoT, etc. it reliable, secure and robust. In this regard:
Due to the intense diversity of protocols, technologies, 1. Rigorous penetration testing for IoT devices is nec-
and devices in an IoT application, the significant trade-offs essary to quantify the level of risk involved in de-
are between cost effectiveness, security, reliability, privacy, ploying these devices in different applications. Based
coverage, latency, etc. If one metric for improvement is on the risk involved, a priority list can be made and
optimized, it may result in the degradation of other metric. the devices can be deployed appropriately in different
VOLUME x, 2019 9

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

applications. ture [45].

2. Encryption techniques are being used in IoT system at 9. Since the ultimate goal of all IoT applications is to cre-
different layers and protocols. However, there are var- ate an autonomous system that needs minimum human
ious levels of encrypt, decrypt, and re-encrypt cycles interventions, the use of some artificial intelligence
in the complete system. These cycles make the system (AI) based techniques or algorithms to secure IoT
vulnerable to attacks. End to end encryption would be devices might be useful. This can help in reducing the
a promising solution to prevent different attacks. analysis and communication load on IoT environment
3. Authenticate-always protocols need to be imple- [46].
mented. Whenever a device wants to interact with There are various techniques and approaches in the ex-
another device, an authentication process should be isting literature for securing IoT environments and applica-
implemented. Digital certificates can be a promising tions. These solutions may be divided into four categories:
solution to provide seamless authentication with bound (1) blockchain based solutions; (2) fog computing based
identities that are tied to cryptographic protocols. solutions; (3) machine learning based solutions and (4) edge
4. Any IoT security framework being implemented computing based solutions. Figure 4 shows various works
should be tested and confirmed for scalability. The in different domains that have used the above-mentioned
security protocols should not be working only for a solutions for securing the IoT environments [47]–[97]. In the
limited set of users. The real threats start coming only following sections, these solutions are described in detail.
when the application becomes public and starts being
used widely in the public domain. Therefore, proper V. IOT SECURITY USING BLOCKCHAIN
strategy and planning are required. Blockchain and IoT are important technologies that will
5. A mechanism based on encryption techniques like have a high impact on the IT and communication industry.
RSA, SHA256, or hash chains is required to secure the These two technologies focus on improving the overall trans-
user and environment data from being captured. IoT parency, visibility, level of comfort and level of trust for the
devices need to be designed in a way that they can users. The IoT devices provide real-time data from sensors
transmit the sensed data in a secure and encrypted way. and blockchain provides the key for data security using a
This will help in gaining the trust of the individuals, distributed, decentralized and shared ledger [108].
government agencies and industries in IoT applica- The basic idea behind the blockchain is simple: it is a dis-
tions. tributed ledger (also called replicated log files). The entries
6. Since the IoT devices and applications are growing in the blockchain are chronological and time-stamped. Each
rapidly, an approach needs to be designed to handle entry in the ledger is tightly coupled with the previous entry
the cost and capacity constraints that are expected using cryptographic hash keys. A Merkle tree is used to store
to be encountered shortly. A paradigm shift from a the individual transactions and the root hash of the tree is
centralized approach to some decentralized approach stored in the blockchain. In the figure, T 1, T 2, T 3, · · · , T n
might be needed, where devices can automatically and represent the individual transactions. The transactions are
securely communicate with each other. This can help cryptographically hashed and stored on the leaf nodes of the
in reducing the cost of managing the applications and tree as Ha, Hb, Hc and so on. The hash of the child nodes
can reduce the issues of capacity constraints [43]. are concatenated and a new root hash is generated. The final
7. Since most of the IoT applications use cloud services root hash (e.g., H1andH2) is stored on the blockchain. Just
for data storage and retrieval, the risks caused by the the root hash can be verified in order to make sure that all
cloud should also be considered. Cloud is a public the transactions associated with that root hash are secure and
platform used by multiple users and there may be have not been tampered with. Even if a single transaction
malicious users on the cloud who can be the cause of is changed, all the hash values on that particular side of the
threat for IoT related data. The data should be stored tree will change. The ledger maintainer or the miner verifies
as ciphertext in the cloud and the cloud should not the logs or transactions and generates a key that enables the
be allowed to decrypt any ciphertext. This can further latest transaction to become the part of complete ledger. This
enhance data security and can save us from the generic process makes the latest entries available to all the nodes in
risks of using cloud services [44]. the network. Due to the presence of cryptographic hash keys
8. Apart from the challenges from outside entities, there in each block, it is too time-consuming and difficult for the
are various scenarios where the sensors in an IoT appli- adversaries to tamper with the blocks [109].
cation start collecting or sending erroneous data. These The miners do not have any personal interest in the trans-
errors might be easy to handle in case of a centralized actions, and they are mining just to earn their incentives. The
architecture but can become a bottleneck in case of an miners do not know the identity of the owners of the transac-
autonomous decentralized architecture. Faulty reading tions. Over and above, there are multiple miners working on
or transmitting of data can lead to undesirable results. the same set of transactions, and there is a strong competition
Thus, mechanism needs to be identified to validate the between them to add the transactions to the blockchain. All
data flow, especially in case of a distributed architec- these unique features empower the blockchain to be a strong,
10 VOLUME x, 2019

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

FIGURE 5: Working process of Blockchain

tamper-proof, distributed and open data structure for IoT data A. PERMISSIONED AND PERMISSION-LESS
[110]. Figure 5 shows the complete flow of a transaction from BLOCKCHAIN
being initialized to being committed to the distributed chain. There are two types of blockchain architectures based on
There are various platforms and frameworks being developed the type of data being added and the nature of application
in academia and industry that support the creation and main- using blockchain. In permission-less blockchain, there is no
tenance of blockchain. Some examples of such platforms are specific permission required for a user to become the part
Ethereum, Hyperledger fabric, Ripple, etc. [111]. of the blockchain network or to become a miner. Anyone
can join or leave this network of permission-less blockchain.
The best example of permission-less blockchains is Bitcoin.
Although the throughput of transactions is not very high, the

TABLE 4: Challenges in IoT and Possible Blockchain Solution

Challenge Towards IoT Specification Possible Blockchain Solution

Privacy in IoT devices IoT devices are vulnerable to exposing To address such a challenge, pro-
private user data posed solution is to use Permissioned
Blockchain that can secure the IoT de-
vices [98], [99], [100].
Cost and traffic To handle exponential growth in IoT Moving towards decentralization us-
devices ing blockchian. The devices can di-
rectly connect and communicate with
the peers rather than communicating
via central servers [3], [101], [102].
Heavy load on cloud service and ser- Cloud services are unavailable due to Records are updated on different nodes
vices insufficiency attacks, bugs in software, power or on the network that hold same data so
other problems there is no single point of failure [103],
[104].
Defective architecture All parts of IoT devices have point Validity of devices is verified due to
of failure that affects network and the blockchain. The data is also verified
whole device cryptographically to ensure that only
main originator can send it [105].
Data manipulation Data is extracted from IoT devices and Due to blockchain, devices are inter-
after manipulating, the data it is used in locked. If any device updates data the
some inappropriate way system rejects it [106], [107].

VOLUME x, 2019 11

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

FIGURE 6: Basic Blockchain Architecture.

permission-less blockchains can support a large number of application, blockchain can act as a suitable solution to
nodes in the network. store and transmit data.
On the other hand, the permissioned blockchains have a 2. Distributed nature of blockchain allowing secure
defined set of rules to participate in the blockchain network. data storage: Since the blockchain architecture is
The miners are also the authorized persons and the blocks are distributed in nature, it can avoid the risk of being
allowed to be added to the chain only after their validation. a single point of failure as is faced by various IoT
The blockchain of Ripple and Hyperledger are two prime applications based on the cloud. Irrespective of the
examples of permissioned blockchain. The permissioned distance between the devices, the data generated by
concept of blockchain improves the overall throughput of them can be easily stored on the blockchain in a secure
transactions as compared to permission-less blockchains. manner [112].
Figure 6 shows the sample architecture of a blockchain and 3. Data encryption using the hash key and verified by
the way every block is connected to all the previous blocks miners: In blockchain, only the 256-bit hash key for
based on cryptographic hashing. the data can be stored, rather than storing the actual
data. The actual data can be stored on the cloud and
B. BENEFITS OF BLOCKCHAIN IN IOT the hash key can be mapped with the original data. If
The usage of blockchain has many advantages in IoT appli- there is any change in the data, the hash of the data
cations. Table 4 gives a summary of some specific challenges will change. This makes the data secure and private.
in IoT security and their possible solutions using blockchain. The size of blockchain will also not get affected by the
Various security issues faced by IoT applications have al- size of the data as only the hash values are stored in the
ready been discussed in Section III. The key benefits of using chain. Only the intended parties, who are authorized
blockchain in IoT applications are discussed below. to use that data can access the data from the cloud
using the hash of the data. Every set of data being
1. Data coming from IoT devices can be stored in
stored on blockchain is properly verified by different
Blockchain: The IoT applications include a large va-
miners in the network, and therefore the probability of
riety of devices connected to each other. These devices
storing corrupt data from the devices reduces by using
are further connected and controlled by other devices.
blockchain as a solution.
This setup is further connected to the cloud to enable
4. Prevention from data loss and spoofing attacks: In
IoT applications to be used from any location. Due
spoofing attacks on IoT applications, a new adversary
to this large space for data movement, blockchain is
node enters into the IoT network and starts imitating
a promising solution to store the data and prevent it
to be the part of the original network. By spoofing, the
from being misused. Irrespective of the layer in an IoT
12 VOLUME x, 2019

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

adversary can easily capture, observe or inject data in blocks. Also, due to multiple levels of hashing, at every level
the network. Blockchain acts as a promising solution in the tree, the security of the data is enhanced [117]. IoT
to prevent such attacks. Each legitimate user or device devices involve a lot of small communications among each
is registered on blockchain, and devices can easily other and therefore using Merkle tree along with blockchain
identify and authenticate each other without the need can be a promising solution [118].
for central brokers or certification authorities [113].
Being low powered in nature, IoT devices inherit the D. IOTA
risk of losing data. There might be cases where due to IOTA is another upcoming and highly promising solution
some external environmental issues the data is lost by to secure IoT. IOTA is also a DLT (Distributed Ledger
both the sender and the receiver. Use of blockchain can Technology) as blockchain. IOTA is specially designed for
prevent such losses as once the block is added in the resource-constrained IoT devices. Every incoming request in
chain there is no way to remove it [114]. the network is required to validate the previous two requests.
5. Blockchain to prevent unauthorized access: Many Using this process of cumulative validations, IOTA can pro-
IoT applications involve a lot of frequent communi- vide a high level of security at the device or edge level.
cation between various nodes. The communication in The tip selection algorithm is used for request verification.
blockchain takes place using the public and private A cumulative weight is created for all requests. Higher the
keys, and therefore only the intended party or node weight of a device in the network, more secure the device is.
can access the data. Even if the unintended party is IOTA uses a tangle data structure as compared to the chain
able to access the data, the contents of the data will be data structure in blockchain [119].
incomprehensible as the data is encrypted with keys.
Therefore, the blockchain data structure tries to handle VI. IOT SECURITY USING FOG COMPUTING
various security issues faced by IoT applications. A. EVOLUTION OF FOG FROM CLOUD
6. Proxy-based architecture in blockchain for resource- IoT and cloud computing are two independent technologies
constrained devices: Although blockchain provides which have many applications. IoT has provided users with
various security features for a distributed environment, a large number of smart devices and applications. Simi-
IoT has a specific challenge of resource constraints. larly, a cloud provides a very effective solution to store and
Being highly resource-constrained, IoT devices cannot manage data which can be accessed from anywhere and is
store large ledgers. There have been various works widely used by many organizations. IoT is generating an
in this direction to facilitate the use of blockchain in unprecedented amount of data, which puts a lot of strain on
IoT. Proxy-based architecture is one of the promising the Internet infrastructure. The integration of cloud and IoT
solutions that can help IoT devices to use blockchain. has introduced an era of new opportunities and challenges
Proxy servers can be deployed in the network, to store for processing, storing, managing and securing data more
the resources in an encrypted form. The encrypted effectively. Industry and research groups have tried to solve
resources can be downloaded by the client from the some issues faced by the IoT by integrating it with the cloud.
proxy servers [115]. The benefits of this integration are not enough to address
7. Elimination of centralized cloud servers: Blockchain all the issues faced by IoT. Therefore, the concept of fog
can enhance the security of IoT systems because it computing was introduced by Cisco in 2012. Fog computing
ultimately eliminates the centralized cloud servers and complements cloud computing rather than replacing it.
makes the network peer-to-peer. Centralized cloud
servers are the prime target of the data thieves. Using B. FOG COMPUTING ARCHITECTURE
blockchain, the data will be distributed among all the The main task of fog computing is to handle the data gen-
nodes of the network and will be encrypted using a erated by IoT devices locally for better management and
cryptographic hash function. thus requires an architecture consisting of different layers.
It has two frameworks that are Fog-Device framework and
C. MERKLE TREE Fog-Cloud-Device framework [120]. The former framework
Merkle tree is an add-on that can be added to the blockchain consists of device and fog layer and the latter framework
data structure to enhance the security of IoT devices. This consists of device, fog and cloud layer. The arrangement
can also help in reducing the overall number of blocks being of layers is done based on their storing and computational
added in the chain. A Merkle tree is like a binary tree where powers. The communication between different layers is
every node contains two child nodes except the leaf nodes. done using wired (e.g., optical fiber, Ethernet) or wireless
The leaf nodes contain the data or transactions, and the roots communication (e.g., WiFi, Bluetooth, etc.). In Fog-Device
are the hash values of the data on the leaf nodes [116]. Based framework, the fog nodes provide various services to a user
on the size of the tree, multiple transactions can be combined without involving cloud servers. However, in Fog-Cloud-
to generate a single root hash. Rather than treating each Device framework the simple decisions are taken at the fog
transaction as a block, each root hash can be considered as a layer, whereas, the complex decisions are taken on cloud
block in the chain. This can help us in reducing the number of [121]. The architecture of Fog-Cloud-Device framework is
VOLUME x, 2019 13

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

goal is to enhance security, prevent data thefts, minimize the

data stored on the cloud and to increase the overall efficiency
of IoT applications. The latency in fog computation is less
than cloud computation because the fog layer is placed much
closer to the devices than the cloud. Only the selected and
important data is sent to the cloud for long-term storage.
Fog computing applications include smart vehicles, smart
homes, smart agriculture, health-care, smart traffic lights,
smart retail, software-defined networks, etc. Sending the
immense amount of data generated by IoT devices to the
cloud for processing and analyzing would be costly and
time-consuming. Along with minimizing network bandwidth
requirements, fog computing also reduces the frequency of
two-way communication between IoT devices and the cloud
[125].
In fog architecture, the data is collected at devices called
fog nodes which can analyze 40 percent of it [126]. It offloads
traffic from the core network minimizing the latency of IoT
devices. A fog node can be any device like a router, switch,
or a video surveillance camera which has computing, storage,
and network connectivity. These fog nodes can be installed
anywhere like on a factory floor or in a vehicle, provided it
has a network connection. Data is directed to the fog node,
aggregation node or cloud based on its time-sensitivity. Fog
nodes make the communication in IoT application secure by
providing cryptographic computations. Mere sensors and IoT
devices do not always have the necessary inbuilt resources for
FIGURE 7: Fog Computing Architecture. that purpose [127].

D. SOLUTIONS PROVIDED BY FOG COMPUTING TO

shown in Figure 7. The authors of [122] have considered OVERCOME IOT SECURITY THREATS
the fog computing architecture theoretically and mathemat- In regard to the attacks discussed in Section III, the solution
ically while comparing the performance of fog computing that fog computing provides or can provide to overcome
paradigm with traditional cloud computing framework based those security threats are discussed below.
on service latency and energy consumption. Fog computing 1. Man-in-the-middle attack: Fog acts as a security
reduces the data traffic between cloud and network edge by layer between end-user and cloud or IoT system. All
90% and average response time for a user by 20% when threats or attacks on the IoT systems need to pass
compared with cloud-only model [123]. Authors in [124] through the fog layer in between, and this layer can
have discussed the definition and concept of fog computing identify and mitigate unusual activities before they are
in-depth, comparing it with similar concepts such as mobile- passed to the system.
edge computing (MEC) and mobile cloud computing (MCC). 2. Data transit attacks: Data storage and management
Authors in [124] have also introduced some applications like is much better if performed on the secure fog nodes,
real-time video analytics and augmented reality (AR), mobile as compared to the IoT devices. Data will be better
big data analytics, and content delivery and caching for fog protected if it is stored on the fog nodes as compared
computing. to storing the data on the end-user devices. Fog nodes
also help in making the user data more available.
C. ADVANTAGES OF FOG OVER CLOUD 3. Eavesdropping: Using fog nodes, the communication
IoT devices generate large volumes of data every day. Mov- takes place between the end-user and the fog node
ing this data to the cloud in real-time for analysis is not only, rather than routing the information through the
feasible. Therefore, the concept of fog computing has been entire network. The chances of an adversary trying
developed. Figure 7 shows the placement and functionality to eavesdrop reduces a lot because the traffic on the
of fog layer in an IoT application. Fog computing refers to network is reduced.
extending cloud computing and its services to the edge of the 4. Resource-constraint issues: Most of the IoT devices
network. Fog computing is a decentralized infrastructure for are resource constrained and the attackers take advan-
analysis of data and computing and can be used to store and tage of this fact. They try to damage the edge devices
process time-sensitive data efficiently and quickly. Its main and use them as the weak links to enter the system. Fog
14 VOLUME x, 2019

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

TABLE 5: Characteristics and Solutions provided by Fog Computing

Characterstics Solutions Provided By Fog

Verifiable computation [128]–[130]
Decentralization Server-aided exchange [131], [132]
Big data analytics [133]–[137]
Designing protocol [138]
Data dissemination Sharing data securely [139]–[143]
Searching data securely [144], [145]
Identity recognition [146]–[151]
Real-time services Access management [152], [153]
Intrusion detection [154]–[159]
Recovery from attacks [160]
Transient storage Data distribution [161]
Identifying and protecting sensitive data [162]

nodes can support the edge devices and can prevent host file systems, the atack on the cloud can be
them from being affected by such attacks. A nearby detected [163].
fog node can perform the more sophisticated security • Identity authentication: There are various entities
functions necessary for protection. involved in the process of offering and accessing
5. Incident response services: Fog nodes can be pro- real-time services like fog nodes, service providers
grammed to provide real-time incident response ser- and users. Trusting all the entities involved is an
vices. Fog nodes can generate a flag to the IoT system arduous task, and creates security challenges for
or the end users as soon as they encounter a suspicious IoT services and user’s data. Accessibility of ser-
data or request. Fog computing allows for malware vices should be given only to authentic and cred-
detection and problem resolution in transit. In many ible users; otherwise, attackers may compromise
critical appliations, it might not be possible to stop the the server and exploit services and user privacy.
entire system to resolve malware incidences. Fog nodes Therefore, to prevent attackers from illegitimately
can help in such resolutions while the system is up and accessing services, identity authentication mech-
running. anisms are needed. To provide secure services,
some efficient identity authentication mechanisms
E. SECURITY CHALLENGES AND SOLUTIONS IN FOG have been proposed in the past [164]–[169].
LAYER 2. Transient Storage: Users can store and maintain
Although fog layer provides various features and security their data on fog nodes temporarily with the help of
aspects for IoT applications, the movement of data and transient storage. On the one hand, it helps in managing
computation to fog layer creates new vulnerabilities [120]. data easily on local storage, but on the other hand, it
Therefore, before implementing fog-assisted IoT applica- creates new challenges and security issues, especially
tions, these security and privacy goals of fog computing for maintaining data privacy.
are required to be studied. In this section, various features
• Identifying and protecting sensitive data: Data
provided by fog layer, privacy and security challenges faced,
stored in IoT devices may include social events,
and proposed solutions to overcome them are discussed.
traffic conditions, personal activities, temperature
Table 5 summarizes these issues and proposed solutions.
and so on. Some of the data might be personal
1. Real-Time Services: Fog computing tends to provide or sensitive while some data may be made public.
a near real-time service in the IoT systems by perform- Furthermore, for different users, the same data has
ing computation near the data generation points. different security levels. Therefore, it is important
• Intrusion detection: Policy violations and mali- to identify and protect the sensitive data from the
cious activities on fog nodes and IoT devices will large volume of information.
not be discovered if no proper intrusion detection • Sharing data securely: To provide security, data
mechanism is implemented. The attacks might not uploaded on fog nodes is first encrypted. No one
impact the whole architecture of fog computing, other than its owner can read that data once it is
but the attacker can control the local services. encrypted. This creates a problem for data shar-
Attacks targeting local services can be detected ing. To overcome this challenge, some crypto-
by fog nodes by collaborating with their adja- graphic techniques such as key-aggregate encryp-
cent nodes. By observing program behavior and tion, proxy re-encryption, and attribute-sharing,
VOLUME x, 2019 15

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

have been proposed in [170]. A. SOLUTIONS PROVIDED BY ML TO OVERCOME

SECURITY THREATS
3. Data Dissemination: The data cannot be transferred
to the fog node without encryption, due to security In regard to the attacks discussed in Section III, the solutions
issues. Due to this movement of encrypted data to the provided by ML to overcome these security threats are dis-
fog node, many desirable features are sacrificed such cussed below.
as sharing, searching, and aggregation.
1. DoS Attack: DoS attacks on IoT devices or origi-
• Searching data securely: As discussed in transient nating from IoT devices are a serious concern. One
storage, data is encrypted before uploading. How- approach to prevent such attacks is to use a Multi-
ever, once it is encrypted, searching or retrieving Layer Perceptron (MLP) based protocol that secures
on the ciphertext becomes difficult for owners networks against DoS attacks [178]. The authors of
as well as other entities. In order to retrieve the [179] have proposed a particle swarm optimization and
information from encrypted text, search-able en- back propagation algorithm to train a MLP that helps
cryption and its privacy levels are defined in [171]. in enhancing the security of wireless networks. ML
A dynamic symmetric search-able scheme is intro- techniques help in increasing the deduction accuracy
duced in [172]. and securing IoT devices vulnerable to DoS attacks.
• Data aggregation: Fog nodes might need to aggre- 2. Eavesdropping: Attackers may eavesdrop on mes-
gate the data in certain cases to prevent data leak- sages during data transmission. To provide protection
age and reduce communication overhead. It is im- from such attacks, ML techniques such as Q-learning
portant to develop secure aggregation algorithms based offloading strategy [180] or non-parametric
to prevent data thefts. Various homomorphic en- Bayesian techniques [181] can be used. Schemes such
cryption schemes, such as BGN encryption [173] as Q-learning and Dyna-Q are ML techniques that may
and Paillier encryption [174], have been proposed also be used to protect devices from eavesdropping.
to achieve secure data aggregation. Evaluation of these schemes via experiments and re-
4. Decentralized Computation: The data stored on the inforcement learning is presented in [182].
fog nodes can be processed and analyzed for better re- 3. Spoofing: Attacks from spoofers can be avoided by
sults. However, such computations have several threats using Q-learning [182], Dyna-Q [182], Support Vector
and risks associated with them. For example, attackers Machines (SVM) [183], Deep Neural Network (DNN)
can not only control the analyzed results, but can also model [184], incremental aggregated gradient (IAG)
expose processed data. [46], and distributed FrankWolfe (dFW) [185] tech-
niques. These techniques not only increase the detec-
• Server-aided computation: Tasks which cannot be tion accuracy and classification accuracy but also help
executed by IoT devices themselves are com- in reducing the average error rate and false alarm rate.
puted with the help of fog nodes. However, this 4. Privacy Leakage: Collection of personal information
can lead to exposure of data to attackers, if the such as health data, location, or photos puts the user’s
fog nodes which received data from IoT are al- privacy at stake. Privacy-preserving scientic computa-
ready compromised. Server-aided computation is tions (PPSC) [186] should be employed for preventing
one such method whose aim is to provide secure privacy leakage. A commodity integrity detection algo-
computation [175]. rithm (CIDA) which is based on the Chinese remainder
• Verifiable computation: Users rely on the fog theorem (CRT) is another technique that has been
nodes to compute their data. There must be a se- proposed to develop IoT application trust [187].
cure mechanism to verify the computation results 5. Digital Fingerprinting: Digital fingerprinting is one
coming from the fog node. Authors in [176], [177] of the upcoming and promising solutions to secure
have proposed certain multi-user mechanisms that IoT systems and to help the end users gain sufficient
help with verifiable computation. trust in the applications. Fingerprints are being widely
used to unlock smartphones, approve payments, unlock
the car and home doors, etc. Due to its low cost,
VII. IOT SECURITY USING MACHINE LEARNING
reliability, acceptability and high-security level, digital
The area of machine learning (ML) has attracted significant fingerprinting is emerging as a dominant bio-metric
interest over recent years. Many domains are using ML for identification method [188]. Apart from the benefits of
their development, and it is being used for IoT security digital fingerprinting, there are various challenges to
as well. ML appears to be a promising solution to protect efficiently use this technique in IoT, such as fingerprint
IoT devices against cyber attacks by providing a different classification, image enhancement, feature matching,
approach for defending against attacks as compared to other etc. Various machine learning based algorithms have
traditional methods. been developed to provide some non-traditional so-
lutions to overcome these challenges [189], some of
16 VOLUME x, 2019

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

which are discussed below.

• Support Vector Machine: SVM is a training al-
gorithm for non-linear and linear classifications,
principal component analysis, text categorization,
speaker identification, and regression. It maxi-
mizes the gap between the decision boundary and
training patterns. Authors of [190] have discussed
the use of SVM in digital fingerprinting in detail.
They have also compared it with other traditional
models. A feature vector is built based on pixel
values of the fingerprint, and it is used to train the
SVM. Various patterns behind the fingerprint are
analyzed, and then the matching of a fingerprint is
done based on patterns identified.
• Artificial Neural Networks: ANN is one of the
most commonly used algorithms in the machine FIGURE 8: Edge Computing Architecture.
learning. It offers many advantages like fault
tolerance, adaptive learning, and generalization.
outside the device, either to cloud or to fog nodes, and
In [191] a framework has been proposed for using
this can enhance the security of the IoT application. Edge
ANN to identify fingerprints digitally. The digital
computing also helps in providing low communication cost
values of various features in the fingerprint like
by preventing the need of moving all the data to the cloud
minutiae, ridge ending, and bifurcation is applied
[66].
as the input to the neural network for training pur-
pose using back propagation algorithm of ANN.
A. USING EDGE COMPUTING TO SECURE AND
The verification of the fingerprint is done based
IMPROVE IOT
on the previous experiential values stored in the
database. In regard to the attacks discussed in Section III, the solutions
The fundamental need in IoT is to secure all the systems that edge computing provides or can provide to overcome
and devices that are connected to the network. The role of these security threats are discussed below.
ML is to use and train algorithms to detect anomalies in IoT 1. Data Breaches: In edge computing, all the data is
devices or to detect any unwanted activity taking place in IoT stored and processed within the device or local net-
system to prevent data loss or other issues. Therefore, ML work. There is no movement of the data from the data
provides a promising platform to overcome the difficulties originator to the processor. This prevents the data from
faced in securing IoT devices. Further contributions in this being in transit and thereby prevents the risk of data
field are required to maintain the growth of IoT. thefts and data breaches. In fog computing there is
some movement of data from a device to fog layer and
VIII. IOT SECURITY USING EDGE COMPUTING adversaries can take advantage of this movement [194].
Edge and fog computing are both extensions of cloud com- 2. Data Compliance Issues: Many countries have strict
puting which is widely used by various organizations. Cloud, regulatory acts to prevent data movement outside their
fog and edge may appear similar but they constitute different boundaries, e.g., European Union’s GDPR (General
layers of IoT applications. The main difference between Data Protection Regulation). Using edge computing,
cloud, fog and edge computing is the location of intelligence organizations can keep the data within their bor-
and power computation. The cloud is deployed at a much ders and ensure compliance with data sovereignity
larger scale that needs to process huge amount of data and is laws [195].
situated at comparatively more distance from its users [192]. 3. Safety Issues: With the increase in the deployment of
To overcome the problems faced by cloud computing, edge cyber-physical systems, security and safety are consid-
computing is used as a solution where a small edge server is ered as integral issues. If there is even a little delay in
placed between the user and the cloud/fog. Some processing responses, then that may lead to physical safety issues.
activity is performed at the edge server, rather than the cloud. For example, if the sensors in a car predict that a crash
Edge computing architecture consists of edge devices, cloud is about to happen, then the airbags have to be deployed
server and fog nodes as shown in Figure 8 [193]. immediately. If the sensors completely rely on sending
In an edge computing framework the computation and all the data to the cloud and waiting for the response
analysis power is provided at the edge itself. The devices from the cloud to perform any action, then that may be
in an application can create a network among themselves too late to prevent injuries or loss of life. Surveillance
and can cooperate among each other to compute the data cameras can also be empowered using edge computing
[63]. Consequently, a lot of data can be saved from going and they can themselves analyze the anomalies and can
VOLUME x, 2019 17

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

send the summarized and suspected data to the data ing fog-assisted IoT applications, these security and privacy
centers to achieve faster response times. goals of fog computing are required to be studied. Some of
4. Bandwidth Issues: IoT application generate a lot of the challenges and research issues on security and privacy in
data at very high rate. Most of this data is raw and IoT environments and the solutions provided by fog comput-
of relatively low-value. Sending all the data to the ing are discussed in [127].
cloud involves a lot of bandwidth cost as well, along There are many machine learning algorithms in existence.
with the security challenges of data movement. If edge Therefore, it is imperative to select a proper algorithm suit-
computing is used, then a lot of data cleaning and able for the application. Selecting a wrong algorithm would
aggregation can be done at the edge nodes and only result in producing “garbage” output and will lead to loss
the summarized data, if required, needs to be sent to of effort, effectiveness and accuracy. Similarly, choosing
the cloud [196]. the wrong data set will lead to “garbage” input producing
incorrect results. The success of a machine learning solution
B. CHALLENGES IN EDGE LAYER depends on these factors as well as diversity in selecting data.
Although edge computing provides various features to in- If the data is not clustered and classified, the prediction accu-
crease the security and performance of IoT applications, there racy will be lower. Also, the historical data may contain many
are various challenges associate with completely relying on ambiguous values, outliers, missing values, and meaningless
the edge layer for all computation. Edge devices include sen- data. IoT applications are creating a huge amount of data,
sors, RFID devices, actuators, tags, and embedded devices. and therefore it is a difficult task to clean and preprocess that
The edge layer is highly susceptible to attacks in an IoT data accurately. Various features like attribute creation, linear
system. If the edge layer is compromised, then the entire regression, multiple regression, removing redundancies and
system may be compromised. MQTT and COAP are the most compressing data are required to effectively use machine
popular protocols for the edge layer. Both these protocols do learning for securing the IoT.
not use any security layer by default. Although the option to In case of edge computing, data security and user privacy
add an optional security layer in the form of TLS for MQTT are the main concerns. An user’s private data can be leaked
and DTLS for COAP is present, it creates additional overhead and misused if a house that is deployed with IoT devices is
in terms of processing and bandwidth. Issues specific to edge subjected to cyber attacks. For example, a person’s presence
devices include sleep deprivation attacks, battery draining at- or absence at home can be revealed simply by observing the
tacks, and outage attacks. Edge devices are typically resource electricity or water usage data. Since the data is computed
constrained, and the most important resource they rely upon at the edge of data resource (e.g., home), therefore, the user
is the battery backup. The foremost and easiest way to attack has to be aware of some of the measures like securing WiFi
the edge devices is to somehow deplete the battery of an edge connections. Secondly, data at edge should be owned fully by
device. For example, an attacker might force the edge device the user, and he/she should have control on which data to be
to do some power hungry or infinite loop computation [197]. shared.
The process of striking a balance between storing and Some of the future research directions in this field are:
processing data on edge or cloud is very important. Keeping • The edge devices are most resource constrained devices
too much data on edge may also lead to overwhelming of the in the IoT and are therefore uniquely vulnerable to
edge devices and may impact the entire application. attacks. Penetration studies show that while it takes very
little power to implement best practice security for the
IX. OPEN ISSUES, CHALLENGES, AND FUTURE edge nodes, they are still highly vulnerable to a variety
RESEARCH DIRECTIONS of malicious attacks.
There are some performance and security issues in the use • The gateways between different layers in the IoT system
of blockchain, fog computing, edge computing and machine need to be secured. Gateways provide an easy entry
learning for IoT security that are yet to be solved. This section point for the attackers into the IoT system. End to end
discusses some of these issues. encryption, rather than specific encryption techniques
The security of blockchain depends on its method of for specific protocols would be a promising solution to
implementation and the use of software and hardware in that secure the data passing through the gateways. The data
implementation. Since all the transactions made by users should be decrypted only at the intended destination and
in blockchain are public, there is a possibility that private not at the gateways for protocol translation.
information of users can be revealed. Also, as the number • Inter-fog sharing of resources is one of the areas where
of miners increases, the size of blockchain also increases further work needs to be done. As of now, when the
continuously. This increases the cost of storage and reduces fog layer is unable to process the requests due to heavy
the speed of distribution over the whole network, giving rise load, the requests are forwarded to the cloud. There can
to issues like scalability and availability of blockchain [198]. be resource sharing between neighboring fog layers to
Since fog computing is a nontrivial extension of cloud prevent unwanted requests to be transferred to the cloud.
computing, some of the issues such as security and privacy • The current blockchain architecture is highly limited in
will continue to persist [120]. Therefore, before implement- terms of the number of nodes in permissioned networks
18 VOLUME x, 2019

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

and in terms of throughput in permissionless networks. [3] T. M. Fernández-Caramés and P. Fraga-Lamas, “A review on the use of
Various consensus algorithms are being designed to blockchain for the internet of things,” IEEE Access, vol. 6, pp. 32 979–
33 001, 2018.
support high throughput along with a large number of [4] M. Frustaci, P. Pace, G. Aloi, and G. Fortino, “Evaluating critical security
nodes or users. issues of the iot world: present and future challenges,” IEEE Internet of
• Fog layer can be made more intelligent using various Things Journal, vol. 5, no. 4, pp. 2483–2495, 2018.
[5] Flashpoint, “Mirai Botnet Linked to Dyn DNS DDoS Attacks,”
ML and AI techniques. Fog layer must be able to decide https://www.flashpoint-intel.com/blog/cybercrime/mirai-botnet-linked-
the duration for which the data in the fog should be dyn-dns-ddos-attacks/, online; December. 18 ,2018.
retained and when the data should be discarded or [6] G. Yang, M. Jiang, W. Ouyang, G. Ji, H. Xie, A. M. Rahmani, P. Lil-
jeberg, and H. Tenhunen, “Iot-based remote pain monitoring system:
shifted to the cloud for prolonged storage. From device to cloud platform,” IEEE journal of biomedical and health
• More efficient and reliable consensus mechanisms can informatics, vol. 22, no. 6, pp. 1711–1719, 2018.
be designed to reach consensus among the nodes along [7] A. Mosenia and N. K. Jha, “A comprehensive study of security of
internet-of-things,” IEEE Transactions on Emerging Topics in Comput-
with preventing rampant use of computation power.
ing, vol. 5, no. 4, pp. 586–602, 2017.
The current consensus algorithms are highly resource [8] W. Yu, F. Liang, X. He, W. G. Hatcher, C. Lu, J. Lin, and X. Yang, “A
hungry and less efficient. survey on the edge computing for the internet of things,” IEEE access,
• The tamper-proof feature of blockchain is ending up vol. 6, pp. 6900–6919, 2018.
[9] J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, and W. Zhao, “A survey
into a collection of a lot of garbage data and addresses. on internet of things: Architecture, enabling technologies, security and
There is a lot of invalid data that is never deleted like privacy, and applications,” IEEE Internet of Things Journal, vol. 4, no. 5,
the addresses of the destructed smart contracts. This pp. 1125–1142, 2017.
[10] Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, “A survey on security and
affects the performance of the overall application and privacy issues in internet-of-things,” IEEE Internet of Things Journal,
better ways need to be designed to efficiently handle the vol. 4, no. 5, pp. 1250–1258, Oct 2017.
garbage data in the blockchain. [11] L. Chen, S. Thombre, K. Järvinen, E. S. Lohan, A. Alén-Savikko, H. Lep-
päkoski, M. Z. H. Bhuiyan, S. Bu-Pasha, G. N. Ferrara, S. Honkala,
• Data analysis in near real-time and in the proximity J. Lindqvist, L. Ruotsalainen, P. Korpisaari, and H. Kuusniemi, “Ro-
of the IoT node is crucial for successful deployment bustness, security and privacy in location-based services for future iot:
of IoT applications. Various ML-based algorithms can A survey,” IEEE Access, vol. 5, pp. 8956–8977, Mar 2017.
[12] A. H. Ngu, M. Gutierrez, V. Metsis, S. Nepal, and Q. Z. Sheng, “Iot mid-
be designed to analyze the data in the node itself to dleware: A survey on issues and enabling technologies,” IEEE Internet of
prevent the data transit for analysis. This can further Things Journal, vol. 4, no. 1, pp. 1–20, Feb 2017.
enhance the security of the application by preventing [13] I. Farris, T. Taleb, Y. Khettab, and J. Song, “A survey on emerging sdn
data movement. and nfv security mechanisms for iot systems,” IEEE Communications
Surveys & Tutorials, vol. 21, no. 1, pp. 812–837, 2018.
[14] I. U. Din, M. Guizani, B.-S. Kim, S. Hassan, and M. K. Khan, “Trust
X. CONCLUSION management techniques for the internet of things: A survey,” IEEE
In this survey, we have presented various security threats Access, vol. 7, pp. 29 763–29 787, 2019.
at different layers of an IoT application. We have covered [15] A. Gharaibeh, M. A. Salahuddin, S. J. Hussini, A. Khreishah, I. Khalil,
M. Guizani, and A. Al-Fuqaha, “Smart cities: A survey on data man-
the issues related to the sensing layer, network layer, mid- agement, security, and enabling technologies,” IEEE Communications
dleware layer, gateways, and application layer. We have Surveys & Tutorials, vol. 19, no. 4, pp. 2456–2501, 2017.
also discussed the existing and upcoming solutions to IoT [16] D. Eckhoff and I. Wagner, “Privacy in the smart city—applications,
technologies, challenges, and solutions,” IEEE Communications Surveys
security threats including blockchain, fog computing, edge & Tutorials, vol. 20, no. 1, pp. 489–516, 2018.
computing, and machine learning. Various open issues and [17] X. Xia, Y. Xiao, and W. Liang, “Absi: An adaptive binary splitting algo-
issues that originate from the solution itself have also been rithm for malicious meter inspection in smart grid,” IEEE Transactions
on Information Forensics and Security, vol. 14, no. 2, pp. 445–458, 2019.
discussed. The state-of-the-art of IoT security has also been [18] V. Namboodiri, V. Aravinthan, S. N. Mohapatra, B. Karimi, and W. Jew-
discussed with some of the future research directions to ell, “Toward a secure wireless-based home area network for metering in
enhance the security levels is IoT. This survey is expected smart grids,” IEEE Systems Journal, vol. 8, no. 2, pp. 509–520, 2014.
[19] N. N. Dlamini and K. Johnston, “The use, benefits and challenges
to serve as a valuable resource for security enhancement for of using the internet of things (iot) in retail businesses: A literature
upcoming IoT applications. review,” in 2016 International Conference on Advances in Computing
and Communication Engineering (ICACCE). IEEE, 2016, pp. 430–436.
ACKNOWLEDGMENT [20] A. C. Jose and R. Malekian, “Improving smart home security: Integrating
logical sensing into smart home,” IEEE Sensors Journal, vol. 17, no. 13,
This research was supported by the National Research Foun- pp. 4269–4286, 2017.
dation, Prime Minister’s Office, Singapore under its Corpo- [21] Bridgera, “IoT System | Sensors and Actuators,” https://bridgera.com/
rate Laboratory@University Scheme, National University of IoT-system-sensors-actuators//, online;accessed 09 Feburary 2019.
[22] Smarthomeblog, “How to make your smoke detecter smarter,” https:
Singapore, and Singapore Telecommunications Ltd //www.smarthomeblog.net/smart-smoke-detector///, online;accessed 10
Feburary 2019.
REFERENCES [23] Tictecbell, “Sensor d’ultrasons,” https://sites.google.com/site/tictecbell/
[1] D. F. Rajesh Kandaswamy, “Blockchain-based transformation,” Arduino/ultrasons//, online;accessed 11 Feburary 2019.
https://www.gartner.com/en/doc/3869696-blockchain-based- [24] S. Kumar, S. Sahoo, A. Mahapatra, A. K. Swain, and K. Mahapatra,
transformation-a-gartner-trend-insight-report/, online; accessed June. 5, “Security enhancements to system on chip devices for iot perception
2018. layer,” in 2017 IEEE International Symposium on Nanoelectronic and
[2] Gsma, “Safety, privacy and security,” https://www.gsma.com/ Information Systems (iNIS). IEEE, 2017, pp. 151–156.
publicpolicy/resources/safetyprivacy-security-across-mobile- [25] C.-H. Liao, H.-H. Shuai, and L.-C. Wang, “Eavesdropping prevention for
ecosystem/, online; accessed 29 January 2019. heterogeneous internet of things systems,” in 2018 15th IEEE Annual

VOLUME x, 2019 19

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

Consumer Communications & Networking Conference (CCNC). IEEE, 2017 IFIP/IEEE Symposium on Integrated Network and Service Man-
2018, pp. 1–2. agement (IM). IEEE, 2017, pp. 772–777.
[26] APWG, “Phishing Activity Trends Report,” https://docs.apwg.org/ [50] Z. Shae and J. J. Tsai, “On the design of a blockchain platform for
reports/apwg_trends_report_q4_2017.pdf//, online;accessed 12 Feburary clinical trial and precision medicine,” in 2017 IEEE 37th International
2019. Conference on Distributed Computing Systems (ICDCS). IEEE, 2017,
[27] C. Li and C. Chen, “A multi-stage control method application in the pp. 1972–1980.
fight against phishing attacks,” Proceeding of the 26th computer security [51] M. A. Salahuddin, A. Al-Fuqaha, M. Guizani, K. Shuaib, and F. Sallabi,
academic communication across the country, p. 145, 2011. “Softwarization of internet of things infrastructure for secure and smart
[28] C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, “Ddos in the iot: healthcare,” arXiv preprint arXiv:1805.11011, 2018.
Mirai and other botnets,” Computer, vol. 50, no. 7, pp. 80–84, 2017. [52] D. Wilson and G. Ateniese, “From pretty good to great: Enhancing pgp
[29] S. Bandyopadhyay, M. Sengupta, S. Maiti, and S. Dutta, “A survey of using bitcoin and the blockchain,” in International conference on network
middleware for internet of things,” in Recent trends in wireless and and system security. Springer, 2015, pp. 368–375.
mobile networks. Springer, 2011, pp. 288–296. [53] Y. Zhang and J. Wen, “An iot electric business model based on the proto-
[30] Q. Zhang and X. Wang, “Sql injections through back-end of rfid system,” col of bitcoin,” in 2015 18th International Conference on Intelligence in
in 2009 International Symposium on Computer Network and Multimedia Next Generation Networks. IEEE, 2015, pp. 184–191.
Technology. IEEE, 2009, pp. 1–4. [54] Y. R. Kafle, K. Mahmud, S. Morsalin, and G. E. Town, “Towards an
[31] R. Dorai and V. Kannan, “Sql injection-database attack revolution and internet of energy,” in 2016 IEEE International Conference on Power
prevention,” J. Int’l Com. L. & Tech., vol. 6, p. 224, 2011. System Technology (POWERCON), Sep. 2016, pp. 1–6.
[32] M. A. Razzaque, M. Milojevic-Jevric, A. Palade, and S. Clarke, “Mid- [55] Ó. Blanco-Novoa, T. Fernández-Caramés, P. Fraga-Lamas, and
dleware for internet of things: a survey,” IEEE Internet of things journal, L. Castedo, “An electricity price-aware open-source smart socket for the
vol. 3, no. 1, pp. 70–95, 2016. internet of energy,” Sensors, vol. 17, no. 3, p. 643, 2017.
[33] acunetix, “Insecure Deserialization,” https://www.acunetix.com/blog/ [56] T. Lundqvist, A. De Blanche, and H. R. H. Andersson, “Thing-to-thing
articles/owasp-top-10-2017/, online; accessed 09 Feburary 2019. electricity micro payments using blockchain technology,” in 2017 Global
[34] J. Kumar, B. Rajendran, B. Bindhumadhava, and N. S. C. Babu, “Xml Internet of Things Summit (GIoTS). IEEE, 2017, pp. 1–6.
wrapping attack mitigation using positional token,” in 2017 International [57] A. Lei, H. Cruickshank, Y. Cao, P. Asuquo, C. P. A. Ogah, and Z. Sun,
Conference on Public Key Infrastructure and its Applications (PKIA). “Blockchain-based dynamic key management for heterogeneous intel-
IEEE, 2017, pp. 36–42. ligent transportation systems,” IEEE Internet of Things Journal, vol. 4,
no. 6, pp. 1832–1843, 2017.
[35] ws attacks, “Attack subtypes,” https://www.ws-attacks.org/XML_
Signature_Wrapping, online; accessed 09 Feburary 2019. [58] S. Huh, S. Cho, and S. Kim, “Managing iot devices using blockchain
platform,” in 2017 19th international conference on advanced communi-
[36] C. Fife, “Securing the IoT Gateway,” https://www.citrix.com/blogs/2015/
cation technology (ICACT). IEEE, 2017, pp. 464–467.
07/24/securing-the-iot-gateway/, online; accessed 09 Feburary 2019.
[59] M. Samaniego and R. Deters, “Internet of smart things-iost: Using
[37] A. Stanciu, T.-C. Balan, C. Gerigan, and S. Zamfir, “Securing the iot
blockchain and clips to make things autonomous,” in 2017 IEEE Inter-
gateway based on the hardware implementation of a multi pattern search
national Conference on Cognitive Computing (ICCC). IEEE, 2017, pp.
algorithm,” in 2017 International Conference on Optimization of Electri-
9–16.
cal and Electronic Equipment (OPTIM) & 2017 Intl Aegean Conference
[60] T. Muhammed, R. Mehmood, A. Albeshri, and I. Katib, “Ubehealth: A
on Electrical Machines and Power Electronics (ACEMP). IEEE, 2017,
personalized ubiquitous cloud and edge-enabled networked healthcare
pp. 1001–1006.
system for smart cities,” IEEE Access, vol. 6, pp. 32 258–32 285, 2018.
[38] S.-C. Cha, J.-F. Chen, C. Su, and K.-H. Yeh, “A blockchain connected
[61] R. K. Barik, H. Dubey, and K. Mankodiya, “Soa-fog: secure service-
gateway for ble-based devices in the internet of things,” IEEE Access,
oriented edge computing architecture for smart health big data analytics,”
vol. 6, pp. 24 639–24 649, 2018.
in 2017 IEEE Global Conference on Signal and Information Processing
[39] S. N. Swamy, D. Jadhav, and N. Kulkarni, “Security threats in the (GlobalSIP). IEEE, 2017, pp. 477–481.
application layer in iot applications,” in 2017 International Conference on
[62] D. Singh, G. Tripathi, A. M. Alberti, and A. Jara, “Semantic edge
I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC). IEEE,
computing and iot architecture for military health services in battlefield,”
2017, pp. 477–480.
in 2017 14th IEEE Annual Consumer Communications & Networking
[40] H. A. Abdul-Ghani, D. Konstantas, and M. Mahyoub, “A comprehen- Conference (CCNC). IEEE, 2017, pp. 185–190.
sive iot attacks survey based on a building-blocked reference model,” [63] Y. Li and S. Wang, “An energy-aware edge server placement algorithm
International Journal of Advanced Computer Science and Applications in mobile edge computing,” in 2018 IEEE International Conference on
(IJACSA), vol. 9, no. 3, 2018. Edge Computing (EDGE). IEEE, 2018, pp. 66–73.
[41] M. Kumar, “How to Hack WiFi Password from Smart [64] C. Pan, M. Xie, and J. Hu, “Enzyme: An energy-efficient transient
Doorbells,” http://thehackernews.com/2016/01/doorbell-hacking- computing paradigm for ultralow self-powered iot edge devices,” IEEE
wifi-pasword.html//. Transactions on Computer-Aided Design of Integrated Circuits and Sys-
[42] A. Chapman, “Analysing the attack surface,” http://www.contextis.com/ tems, vol. 37, no. 11, pp. 2440–2450, 2018.
resources/blog/hacking-internet-connected-light-bulbs//, online; Feb. 1, [65] Y. Huang, Y. Lu, F. Wang, X. Fan, J. Liu, and V. C. Leung, “An edge
2016. computing framework for real-time monitoring in smart grid,” in 2018
[43] N. Kshetri, “Can blockchain strengthen the internet of things?” IT pro- IEEE International Conference on Industrial Internet (ICII). IEEE, 2018,
fessional, vol. 19, no. 4, pp. 68–72, 2017. pp. 99–108.
[44] W. Wang, P. Xu, and L. T. Yang, “Secure data collection, storage and [66] E. Oyekanlu, C. Nelatury, A. O. Fatade, O. Alaba, and O. Abass, “Edge
access in cloud-assisted iot,” IEEE Cloud Computing, vol. 5, no. 4, pp. computing for industrial iot and the smart grid: Channel capacity for m2m
77–88, 2018. communication over the power line,” in 2017 IEEE 3rd International
[45] S. Suhail, C. S. Hong, Z. U. Ahmad, F. Zafar, and A. Khan, “Introducing Conference on Electro-Technology for National Development (NIGER-
secure provenance in iot: Requirements and challenges,” in 2016 Interna- CON). IEEE, 2017, pp. 1–11.
tional Workshop on Secure Internet of Things (SIoT). IEEE, 2016, pp. [67] S. He, B. Cheng, H. Wang, Y. Huang, and J. Chen, “Proactive per-
39–46. sonalized services through fog-cloud computing in large-scale iot-based
[46] L. Xiao, X. Wan, X. Lu, Y. Zhang, and D. Wu, “Iot security techniques healthcare application,” China Communications, vol. 14, no. 11, pp. 1–
based on machine learning: how do iot devices use ai to enhance secu- 16, 2017.
rity?” IEEE Signal Processing Magazine, vol. 35, no. 5, pp. 41–49, 2018. [68] S. K. Sood and I. Mahajan, “A fog-based healthcare framework for
[47] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for chikungunya,” IEEE Internet of Things Journal, vol. 5, no. 2, pp. 794–
the internet of things,” Ieee Access, vol. 4, pp. 2292–2303, 2016. 801, 2018.
[48] T. Swanson, “Consensus-as-a-service: a brief report on the emergence of [69] F. A. Kraemer, A. E. Braten, N. Tamkittikhun, and D. Palma, “Fog
permissioned, distributed ledger systems,” Report, available online, Apr, computing in healthcare–a review and discussion,” IEEE Access, vol. 5,
2015. pp. 9206–9222, 2017.
[49] T. Bocek, B. B. Rodrigues, T. Strasser, and B. Stiller, “Blockchains [70] L. Gu, D. Zeng, S. Guo, A. Barnawi, and Y. Xiang, “Cost efficient re-
everywhere-a use-case of blockchains in the pharma supply-chain,” in source management in fog computing supported medical cyber-physical

20 VOLUME x, 2019

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

system,” IEEE Transactions on Emerging Topics in Computing, vol. 5, [91] M. N. Aman, K. C. Chua, and B. Sikdar, “Mutual authentication in iot
no. 1, pp. 108–119, 2017. systems using physical unclonable functions,” IEEE Internet of Things
[71] J. Ni, A. Zhang, X. Lin, and X. S. Shen, “Security, privacy, and fairness Journal, vol. 4, no. 5, pp. 1327–1340, 2017.
in fog-based vehicular crowdsensing,” IEEE Communications Magazine, [92] ——, “Secure data provenance for the internet of things,” in Proceedings
vol. 55, no. 6, pp. 146–152, 2017. of the ACM International Workshop on IoT Privacy, Trust, and Security.
[72] E. K. Markakis, K. Karras, N. Zotos, A. Sideris, T. Moysiadis, A. Cor- ACM, 2017, pp. 11–14.
saro, G. Alexiou, C. Skianis, G. Mastorakis, C. X. Mavromoustakis [93] M. N. Aman, B. Sikdar, K. C. Chua, and A. Ali, “Low power data
et al., “Exegesis: Extreme edge resource harvesting for a virtualized fog integrity in iot systems,” IEEE Internet of Things Journal, vol. 5, no. 4,
environment,” IEEE Communications Magazine, vol. 55, no. 7, pp. 173– pp. 3102–3113, 2018.
179, 2017. [94] M. N. Aman, S. Taneja, B. Sikdar, K. C. Chua, and M. Alioto, “Token-
[73] T. H. Luan, L. Gao, Z. Li, Y. Xiang, G. Wei, and L. Sun, “Fog computing: based security for the internet of things with dynamic energy-quality
Focusing on mobile users at the edge,” arXiv preprint arXiv:1502.01815, tradeoff,” IEEE Internet of Things Journal, 2018.
2015. [95] M. N. Aman, M. H. Basheer, and B. Sikdar, “Two-factor authentication
[74] O. T. T. Kim, N. D. Tri, N. H. Tran, C. S. Hong et al., “A shared parking for iot with location information,” IEEE Internet of Things Journal, 2018.
model in vehicular network using fog and cloud environment,” in 2015 [96] P. Gope and B. Sikdar, “Lightweight and privacy-preserving two-factor
17th Asia-Pacific Network Operations and Management Symposium authentication scheme for iot devices,” IEEE Internet of Things Journal,
(APNOMS). IEEE, 2015, pp. 321–326. vol. 6, no. 1, pp. 580–589, 2019.
[97] M. N. Aman and B. Sikdar, “Att-auth: A hybrid protocol for industrial iot
[75] S. Basudan, X. Lin, and K. Sankaranarayanan, “A privacy-preserving
attestation with authentication,” IEEE Internet of Things Journal, vol. 5,
vehicular crowdsensing-based road surface condition monitoring system
no. 6, pp. 5119–5131, 2018.
using fog computing,” IEEE Internet of Things Journal, vol. 4, no. 3, pp.
[98] O. Novo, “Blockchain meets iot: An architecture for scalable access
772–782, 2017.
management in iot,” IEEE Internet of Things Journal, vol. 5, no. 2, pp.
[76] H. Dubey, A. Monteiro, N. Constant, M. Abtahi, D. Borthakur, L. Mahler, 1184–1195, April 2018.
Y. Sun, Q. Yang, U. Akbar, and K. Mankodiya, “Fog computing in med- [99] P. Lv, L. Wang, H. Zhu, W. Deng, and L. Gu, “An iot-oriented privacy-
ical internet-of-things: Architecture, implementation, and applications,” preserving publish/subscribe model over blockchains,” IEEE Access,
in Handbook of Large-Scale Distributed Computing in Smart Healthcare. vol. 7, pp. 41 309–41 314, Jan 2019.
Springer, 2017, pp. 281–321.
[100] U. Javaid, M. N. Aman, and B. Sikdar, “Blockpro: Blockchain based data
[77] A. M. Rahmani, T. N. Gia, B. Negash, A. Anzanpour, I. Azimi, M. Jiang, provenance and integrity for secure iot environments,” in Proceedings
and P. Liljeberg, “Exploiting smart e-health gateways at the edge of of the 1st Workshop on Blockchain-enabled Networked Sensor Systems.
healthcare internet-of-things: A fog computing approach,” Future Gen- ACM, 2018, pp. 13–18.
eration Computer Systems, vol. 78, pp. 641–658, 2018. [101] K. Valtanen, J. Backman, and S. Yrjölä, “Blockchain-powered value
[78] Y. Cao, P. Hou, D. Brown, J. Wang, and S. Chen, “Distributed analytics creation in the 5g and smart grid use cases,” IEEE Access, vol. 7, pp.
and edge intelligence: Pervasive health monitoring at the era of fog 25 690–25 707, Feb 2019.
computing,” in Proceedings of the 2015 Workshop on Mobile Big Data. [102] U. Javaid, A. K. Siang, M. N. Aman, and B. Sikdar, “Mitigating lot device
ACM, 2015, pp. 43–48. based ddos attacks using blockchain,” in Proceedings of the 1st Workshop
[79] W. Shi and S. Dustdar, “The promise of edge computing,” Computer, on Cryptocurrencies and Blockchains for Distributed Systems. ACM,
vol. 49, no. 5, pp. 78–81, 2016. 2018, pp. 71–76.
[80] T. N. Gia, M. Jiang, A.-M. Rahmani, T. Westerlund, P. Liljeberg, and [103] K. R. Ozyilmaz and A. Yurdakul, “Designing a blockchain-based iot
H. Tenhunen, “Fog computing in healthcare internet of things: A case with ethereum, swarm, and lora: The software solution to create high
study on ecg feature extraction,” in 2015 IEEE International Conference availability with minimal security risks,” IEEE Consumer Electronics
on Computer and Information Technology. IEEE, 2015, pp. 356–363. Magazine, vol. 8, no. 2, pp. 28–34, March 2019.
[81] A. V. Dastjerdi and R. Buyya, “Fog computing: Helping the internet of [104] V. Sharma, “An energy-efficient transaction model for the blockchain-
things realize its potential,” Computer, vol. 49, no. 8, pp. 112–116, 2016. enabled internet of vehicles (iov),” IEEE Communications Letters,
[82] M. A. Al Faruque and K. Vatanparvar, “Energy management-as-a-service vol. 23, no. 2, pp. 246–249, Feb 2019.
over fog computing platform,” IEEE internet of things journal, vol. 3, [105] P. K. Sharma, M. Chen, and J. H. Park, “A software defined fog node
no. 2, pp. 161–169, 2016. based distributed blockchain cloud architecture for iot,” IEEE Access,
[83] S. Gao, Z. Peng, B. Xiao, Q. Xiao, and Y. Song, “Scop: Smart- vol. 6, pp. 115–124, Mar 2018.
phone energy saving by merging push services in fog computing,” in [106] Y. Yu, Y. Li, J. Tian, and J. Liu, “Blockchain-based solutions to security
2017 IEEE/ACM 25th International Symposium on Quality of Service and privacy issues in the internet of things,” IEEE Wireless Communica-
(IWQoS). IEEE, 2017, pp. 1–10. tions, vol. 25, no. 6, pp. 12–18, December 2018.
[84] W. Shi, J. Cao, Q. Zhang, Y. Li, and L. Xu, “Edge computing: Vision and [107] U. Javaid, M. N. Aman, and B. Sikdar, “Drivman: Driving trust manage-
challenges,” IEEE Internet of Things Journal, vol. 3, no. 5, pp. 637–646, ment and data sharing in vanets with blockchain and smart contracts,” in
2016. Proceedings of IEEE Vehicular Technology Conference. IEEE, 2019,
pp. 1–6.
[85] I. Kotenko, I. Saenko, and A. Branitskiy, “Framework for mobile internet
[108] D. Miller, “Blockchain and the internet of things in the industrial sector,”
of things security monitoring based on big data processing and machine
IT Professional, vol. 20, no. 3, pp. 15–18, 2018.
learning,” IEEE Access, vol. 6, pp. 72 714–72 723, 2018.
[109] H. Orman, “Blockchain: The emperors new pki?” IEEE Internet Com-
[86] P. K. Chan and R. P. Lippmann, “Machine learning for computer secu- puting, vol. 22, no. 2, pp. 23–28, 2018.
rity,” Journal of Machine Learning Research, vol. 7, no. Dec, pp. 2669– [110] T. Aste, P. Tasca, and T. Di Matteo, “Blockchain technologies: The
2672, 2006. foreseeable impact on society and industry,” computer, vol. 50, no. 9,
[87] B. Chatterjee, D. Das, S. Maity, and S. Sen, “Rf-puf: Enhancing iot pp. 18–28, 2017.
security through authentication of wireless nodes using in-situ machine [111] R. Henry, A. Herzberg, and A. Kate, “Blockchain access privacy: chal-
learning,” IEEE Internet of Things Journal, vol. 6, no. 1, pp. 388–398, lenges and directions,” IEEE Security & Privacy, vol. 16, no. 4, pp. 38–45,
2019. 2018.
[88] K. Merchant, S. Revay, G. Stantchev, and B. Nousain, “Deep learning [112] T. T. A. Dinh, R. Liu, M. Zhang, G. Chen, B. C. Ooi, and J. Wang,
for rf device fingerprinting in cognitive communication networks,” IEEE “Untangling blockchain: A data processing view of blockchain systems,”
Journal of Selected Topics in Signal Processing, vol. 12, no. 1, pp. 160– IEEE Transactions on Knowledge and Data Engineering, vol. 30, no. 7,
167, 2018. pp. 1366–1385, 2018.
[89] C. Mercer, “How machine learning will change society,” [113] B. DICKSON, “How blockchain can change the future of IoT,”
https://www.techworld.com/picture-gallery/tech-innovation/5-ways- https://venturebeat.com/2016/11/20/how-blockchain-can-change-the-
machine-learning-will-change-society-3666674//, online;. future-of-iot/, online; accessed 27 April 2019.
[90] M. Chen, Y. Hao, K. Hwang, L. Wang, and L. Wang, “Disease prediction [114] D. He, S. Chan, and M. Guizani, “Security in the internet of things
by machine learning over big data from healthcare communities,” Ieee supported by mobile edge computing,” IEEE Communications Magazine,
Access, vol. 5, pp. 8869–8879, 2017. vol. 56, no. 8, pp. 56–61, 2018.

VOLUME x, 2019 21

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

[115] O. Alphand, M. Amoretti, T. Claeys, S. Dall’Asta, A. Duda, G. Ferrari, Proceedings of the 2016 ACM SIGSAC Conference on Computer and
F. Rousseau, B. Tourancheau, L. Veltri, and F. Zanichelli, “Iotchain: A Communications Security. ACM, 2016, pp. 192–203.
blockchain security architecture for the internet of things,” in 2018 IEEE [138] J. Zhang, Q. Li, X. Wang, B. Feng, and D. Guo, “Towards fast and
Wireless Communications and Networking Conference (WCNC). IEEE, lightweight spam account detection in mobile social networks through
2018, pp. 1–6. fog computing,” Peer-to-Peer Networking and Applications, vol. 11,
[116] D. Koo, Y. Shin, J. Yun, and J. Hur, “An online data-oriented authen- no. 4, pp. 778–792, 2018.
tication based on merkle tree with improved reliability,” in 2017 IEEE [139] A. Alrawais, A. Alhothaily, C. Hu, X. Xing, and X. Cheng, “An attribute-
International Conference on Web Services (ICWS). IEEE, 2017, pp. based encryption scheme to secure fog communications,” IEEE access,
840–843. vol. 5, pp. 9131–9138, 2017.
[117] J. Wang, M. Li, Y. He, H. Li, K. Xiao, and C. Wang, “A blockchain based [140] A. Alotaibi, A. Barnawi, and M. Buhari, “Attribute-based secure data
privacy-preserving incentive mechanism in crowdsensing applications,” sharing with efficient revocation in fog computing,” Journal of Informa-
IEEE Access, vol. 6, pp. 17 545–17 556, 2018. tion Security, vol. 8, no. 03, p. 203, 2017.
[118] M. C. Muñoz, M. Moh, and T.-S. Moh, “Improving smart grid security [141] Y. Jiang, W. Susilo, Y. Mu, and F. Guo, “Ciphertext-policy attribute-
using merkle trees,” in 2014 IEEE Conference on Communications and based encryption against key-delegation abuse in fog computing,” Future
Network Security. IEEE, 2014, pp. 522–523. Generation Computer Systems, vol. 78, pp. 720–729, 2018.
[119] Oodles, “Will IOTA Blockchain Solution Secure Internet of Things [142] Z. Yu, M. H. Au, Q. Xu, R. Yang, and J. Han, “Towards leakage-
Ecosystem? ,” https://blockchain.oodles.io/blog/blockchain-solution- resilient fine-grained access control in fog computing,” Future Generation
iota-iot-security/, online; Jan. 30 ,2019. Computer Systems, vol. 78, pp. 763–777, 2018.
[120] J. Ni, K. Zhang, X. Lin, and X. S. Shen, “Securing fog computing [143] C.-C. Lee, C.-T. Li, S.-T. Chiu, and S.-D. Chen, “Time-bound key-
for internet of things applications: Challenges and solutions,” IEEE aggregate encryption for cloud storage,” Security and Communication
Communications Surveys & Tutorials, vol. 20, no. 1, pp. 601–628, 2018. Networks, vol. 9, no. 13, pp. 2059–2069, 2016.
[121] V. K. Sehgal, A. Patrick, A. Soni, and L. Rajput, “Smart human security
[144] X. Yang, F. Yin, and X. Tang, “A fine-grained and privacy-preserving
framework using internet of things, cloud and fog computing,” in Intelli-
query scheme for fog computing-enhanced location-based service,” Sen-
gent distributed computing. Springer, 2015, pp. 251–263.
sors, vol. 17, no. 7, p. 1611, 2017.
[122] S. Sarkar and S. Misra, “Theoretical modelling of fog computing: A green
[145] P. Rizomiliotis and S. Gritzalis, “Oram based forward privacy preserving
computing paradigm to support iot applications,” Iet Networks, vol. 5,
dynamic searchable symmetric encryption schemes,” in Proceedings of
no. 2, pp. 23–29, 2016.
the 2015 ACM Workshop on Cloud Computing Security Workshop.
[123] B. Varghese, N. Wang, D. S. Nikolopoulos, and R. Buyya, “Feasibility of
ACM, 2015, pp. 65–76.
fog computing,” arXiv preprint arXiv:1701.05451, 2017.
[146] S. Chandrasekhar and M. Singhal, “Efficient and scalable query authenti-
[124] S. Yi, C. Li, and Q. Li, “A survey of fog computing: concepts, applica-
cation for cloud-based storage systems with multiple data sources,” IEEE
tions and issues,” in Proceedings of the 2015 workshop on mobile big
Transactions on Services Computing, vol. 10, no. 4, pp. 520–533, 2017.
data. ACM, 2015, pp. 37–42.
[147] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable
[125] I. Agenda, “IoT and big data analytics,” https://internetofthingsagenda.
temporal-credential-based two-factor authentication scheme using ecc for
techtarget.com//, online; November. 3, 2018.
wireless sensor networks,” Journal of Network and Computer Applica-
[126] A. Mitra, “Smart Contracts and Blockchain,” https://www.
tions, vol. 76, pp. 37–48, 2016.
thesecuritybuddy.com//, online; November. 3, 2018.
[148] P. Hu, H. Ning, T. Qiu, H. Song, Y. Wang, and X. Yao, “Security
[127] A. Alrawais, A. Alhothaily, C. Hu, and X. Cheng, “Fog computing
and privacy preservation scheme of face identification and resolution
for the internet of things: Security and privacy issues,” IEEE Internet
framework using fog computing in internet of things,” IEEE Internet of
Computing, vol. 21, no. 2, pp. 34–42, 2017.
Things Journal, vol. 4, no. 5, pp. 1143–1155, 2017.
[128] G. Zhuo, Q. Jia, L. Guo, M. Li, and P. Li, “Privacy-preserving verifiable
data aggregation and analysis for cloud-assisted mobile crowdsourcing,” [149] C. Li, Z. Qin, E. Novak, and Q. Li, “Securing sdn infrastructure of iot–
in IEEE INFOCOM 2016-The 35th Annual IEEE International Confer- fog networks from mitm attacks,” IEEE Internet of Things Journal, vol. 4,
ence on Computer Communications. IEEE, 2016, pp. 1–9. no. 5, pp. 1156–1164, 2017.
[129] S. D. Gordon, J. Katz, F.-H. Liu, E. Shi, and H.-S. Zhou, “Multi-client [150] J. Zhou, X. Lin, X. Dong, and Z. Cao, “Psmpa: Patient self-
verifiable computation with stronger security guarantees,” in Theory of controllable and multi-level privacy-preserving cooperative authentica-
Cryptography Conference. Springer, 2015, pp. 144–168. tion in distributedm-healthcare cloud computing system,” IEEE Transac-
[130] K. Elkhiyaoui, M. Önen, M. Azraoui, and R. Molva, “Efficient techniques tions on Parallel and Distributed Systems, vol. 26, no. 6, pp. 1693–1703,
for publicly verifiable delegation of computation,” in Proceedings of 2015.
the 11th ACM on Asia Conference on Computer and Communications [151] D. Pointcheval and O. Sanders, “Short randomizable signatures,” in
Security. ACM, 2016, pp. 119–128. Cryptographers’ Track at the RSA Conference. Springer, 2016, pp. 111–
[131] B. Cavallo, G. Di Crescenzo, D. Kahrobaei, and V. Shpilrain, “Efficient 126.
and secure delegation of group exponentiation to a single server,” in [152] S. Salonikias, I. Mavridis, and D. Gritzalis, “Access control issues in
International Workshop on Radio Frequency Identification: Security and utilizing fog computing for transport infrastructure,” in International
Privacy Issues. Springer, 2015, pp. 156–173. Conference on Critical Information Infrastructures Security. Springer,
[132] T. Wang, J. Zeng, M. Z. A. Bhuiyan, H. Tian, Y. Cai, Y. Chen, and 2015, pp. 15–26.
B. Zhong, “Trajectory privacy preservation based on a fog structure for [153] J. Ni, X. Lin, K. Zhang, Y. Yu, and X. S. Shen, “Device-invisible two-
cloud location services,” IEEE Access, vol. 5, pp. 7692–7701, 2017. factor authenticated key agreement protocol for byod,” in 2016 IEEE/CIC
[133] L. Li, R. Lu, K.-K. R. Choo, A. Datta, and J. Shao, “Privacy-preserving- International Conference on Communications in China (ICCC). IEEE,
outsourced association rule mining on vertically partitioned databases,” 2016, pp. 1–6.
IEEE Transactions on Information Forensics and Security, vol. 11, no. 8, [154] J. Ni, K. Zhang, K. Alharbi, X. Lin, N. Zhang, and X. S. Shen, “Dif-
pp. 1847–1861, 2016. ferentially private smart metering with fault tolerance and range-based
[134] X. Liu, R. H. Deng, Y. Yang, H. N. Tran, and S. Zhong, “Hybrid privacy- filtering,” IEEE Transactions on Smart Grid, vol. 8, no. 5, pp. 2483–2493,
preserving clinical decision support system in fog–cloud computing,” 2017.
Future Generation Computer Systems, vol. 78, pp. 825–837, 2018. [155] R. Lu, K. Heung, A. H. Lashkari, and A. A. Ghorbani, “A lightweight
[135] M. Abadi, A. Chu, I. Goodfellow, H. B. McMahan, I. Mironov, K. Talwar, privacy-preserving data aggregation scheme for fog computing-enhanced
and L. Zhang, “Deep learning with differential privacy,” in Proceedings of iot,” IEEE Access, vol. 5, pp. 3302–3312, 2017.
the 2016 ACM SIGSAC Conference on Computer and Communications [156] H. Wang, Z. Wang, and J. Domingo-Ferrer, “Anonymous and secure
Security. ACM, 2016, pp. 308–318. aggregation scheme in fog-based public cloud computing,” Future Gen-
[136] T. Zhang and Q. Zhu, “Dynamic differential privacy for admm-based eration Computer Systems, vol. 78, pp. 712–719, 2018.
distributed classification learning,” IEEE Transactions on Information [157] J. Zhou, Z. Cao, X. Dong, and X. Lin, “Security and privacy in cloud-
Forensics and Security, vol. 12, no. 1, pp. 172–187, 2017. assisted wireless wearable communications: Challenges, solutions, and
[137] Z. Qin, Y. Yang, T. Yu, I. Khalil, X. Xiao, and K. Ren, “Heavy hit- future directions,” IEEE wireless Communications, vol. 22, no. 2, pp.
ter estimation over set-valued data with local differential privacy,” in 136–144, 2015.

22 VOLUME x, 2019

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

[158] J. Ni, K. Zhang, X. Lin, and X. S. Shen, “Edat: Efficient data aggregation [181] L. Xiao, Q. Yan, W. Lou, G. Chen, and Y. T. Hou, “Proximity-based secu-
without ttp for privacy-assured smart metering,” in 2016 IEEE interna- rity techniques for mobile users in wireless networks,” IEEE Transactions
tional conference on communications (ICC). IEEE, 2016, pp. 1–6. on Information Forensics and Security, vol. 8, no. 12, pp. 2089–2100,
[159] J. Ni, X. Lin, K. Zhang, and Y. Yu, “Secure and deduplicated spatial 2013.
crowdsourcing: A fog-based approach,” in 2016 IEEE Global Commu- [182] L. Xiao, Y. Li, G. Han, G. Liu, and W. Zhuang, “Phy-layer spoofing
nications Conference (GLOBECOM). IEEE, 2016, pp. 1–6. detection with reinforcement learning in wireless networks,” IEEE Trans-
[160] X. Liang, X. Lin, and X. S. Shen, “Enabling trustworthy service evalu- actions on Vehicular Technology, vol. 65, no. 12, pp. 10 037–10 047,
ation in service-oriented mobile social networks,” IEEE Transactions on 2016.
Parallel and Distributed Systems, vol. 25, no. 2, pp. 310–320, 2014. [183] M. Ozay, I. Esnaola, F. T. Y. Vural, S. R. Kulkarni, and H. V. Poor,
[161] D. J. Wu, A. Taly, A. Shankar, and D. Boneh, “Privacy, discovery, and “Machine learning methods for attack detection in the smart grid,” IEEE
authentication for the internet of things,” in European Symposium on transactions on neural networks and learning systems, vol. 27, no. 8, pp.
Research in Computer Security. Springer, 2016, pp. 301–319. 1773–1786, 2016.
[162] M. Agrawal and P. Mishra, “A comparative survey on symmetric key [184] C. Shi, J. Liu, H. Liu, and Y. Chen, “Smart user authentication through
encryption techniques,” International Journal on Computer Science and actuation of daily activities leveraging wifi-enabled iot,” in Proceedings
Engineering, vol. 4, no. 5, p. 877, 2012. of the 18th ACM International Symposium on Mobile Ad Hoc Network-
[163] H. M. Hamad and M. Al-Hoby, “Managing intrusion detection as a ing and Computing. ACM, 2017, p. 5.
service in cloud networks,” Managing intrusion detection as a service in [185] L. Xiao, X. Wan, and Z. Han, “Phy-layer authentication with multiple
cloud networks, vol. 41, no. 1, 2012. landmarks with reduced overhead,” IEEE Transactions on Wireless Com-
[164] S. Chandrasekhar and M. Singhal, “Efficient and scalable query authenti- munications, vol. 17, no. 3, pp. 1676–1687, 2018.
cation for cloud-based storage systems with multiple data sources,” IEEE [186] Z. Yan, P. Zhang, and A. V. Vasilakos, “A survey on trust management for
Transactions on Services Computing, vol. 10, no. 4, pp. 520–533, 2017. internet of things,” Journal of network and computer applications, vol. 42,
[165] V. Odelu, A. K. Das, M. Wazid, and M. Conti, “Provably secure authenti- pp. 120–134, 2014.
cated key agreement scheme for smart grid,” IEEE Transactions on Smart [187] C. Li and G. Wang, “A light-weight commodity integrity detection
Grid, vol. 9, no. 3, pp. 1900–1910, 2018. algorithm based on chinese remainder theorem,” in 2012 IEEE 11th
[166] A. Wasef and X. Shen, “Emap: Expedite message authentication protocol International Conference on Trust, Security and Privacy in Computing
for vehicular ad hoc networks,” IEEE transactions on Mobile Computing, and Communications. IEEE, 2012, pp. 1018–1023.
vol. 12, no. 1, pp. 78–89, 2013. [188] K. Spirina, “Biometric Authentication: The Future of IoT Secu-
[167] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable rity Solutions,” https://www.iotevolutionworld.com/iot/articles/438690-
temporal-credential-based two-factor authentication scheme using ecc for biometric-authentication-future-iot-security-solutions.htm, online; ac-
wireless sensor networks,” Journal of Network and Computer Applica- cessed 09 Feburary 2019.
tions, vol. 76, pp. 37–48, 2016. [189] A. I. Awad, “Machine learning techniques for fingerprint identification:
[168] P. Hu, H. Ning, T. Qiu, H. Song, Y. Wang, and X. Yao, “Security A short review,” in International Conference on Advanced Machine
and privacy preservation scheme of face identification and resolution Learning Technologies and Applications. Springer, 2012, pp. 524–531.
framework using fog computing in internet of things,” IEEE Internet of [190] N. A. Alias and N. H. M. Radzi, “Fingerprint classification using support
Things Journal, vol. 4, no. 5, pp. 1143–1155, 2017. vector machine,” in 2016 Fifth ICT International Student Project Confer-
[169] C. Li, Z. Qin, E. Novak, and Q. Li, “Securing sdn infrastructure of iot– ence (ICT-ISPC). IEEE, 2016, pp. 105–108.
fog networks from mitm attacks,” IEEE Internet of Things Journal, vol. 4, [191] R. Oulhiq, S. Ibntahir, M. Sebgui, and Z. Guennoun, “A fingerprint
no. 5, pp. 1156–1164, 2017. recognition framework using artificial neural network,” in 2015 10th In-
[170] C.-K. Chu, S. S. Chow, W.-G. Tzeng, J. Zhou, and R. H. Deng, “Key- ternational Conference on Intelligent Systems: Theories and Applications
aggregate cryptosystem for scalable data sharing in cloud storage,” IEEE (SITA). IEEE, 2015, pp. 1–6.
transactions on parallel and distributed systems, vol. 25, no. 2, pp. 468– [192] M. B. Mollah, M. A. K. Azad, and A. Vasilakos, “Secure data sharing and
477, 2014. searching at the edge of cloud-assisted internet of things,” IEEE Cloud
[171] P. Rizomiliotis and S. Gritzalis, “Oram based forward privacy preserving Computing, vol. 4, no. 1, pp. 34–42, Jan 2017.
dynamic searchable symmetric encryption schemes,” in Proceedings of [193] M. Alrowaily and Z. Lu, “Secure edge computing in iot systems: Review
the 2015 ACM Workshop on Cloud Computing Security Workshop. and case studies,” in 2018 IEEE/ACM Symposium on Edge Computing
ACM, 2015, pp. 65–76. (SEC). IEEE, 2018, pp. 440–444.
[172] M. Naveed, M. Prabhakaran, and C. A. Gunter, “Dynamic searchable [194] G. Premsankar, M. Di Francesco, and T. Taleb, “Edge computing for the
encryption via blind storage,” in 2014 IEEE Symposium on Security and internet of things: A case study,” IEEE Internet of Things Journal, vol. 5,
Privacy. IEEE, 2014, pp. 639–654. no. 2, pp. 1275–1284, April 2018.
[173] D. Boneh, E.-J. Goh, and K. Nissim, “Evaluating 2-dnf formulas on [195] L. Rosencrance, “6 significant issues that edge computing in IoT solves,”
ciphertexts,” in Theory of Cryptography Conference. Springer, 2005, https://internetofthingsagenda.techtarget.com/feature/6-significant-
pp. 325–341. issues-that-edge-computing-in-IoT-solves, online; Jan. 26 ,2019.
[174] P. Paillier, “Public-key cryptosystems based on composite degree resid- [196] N. Abbas, Y. Zhang, A. Taherkordi, and T. Skeie, “Mobile edge com-
uosity classes,” in International Conference on the Theory and Applica- puting: A survey,” IEEE Internet of Things Journal, vol. 5, no. 1, pp.
tions of Cryptographic Techniques. Springer, 1999, pp. 223–238. 450–465, Feb 2018.
[175] B. Cavallo, G. Di Crescenzo, D. Kahrobaei, and V. Shpilrain, “Efficient [197] R. Ullah, S. H. Ahmed, and B. Kim, “Information-centric networking
and secure delegation of group exponentiation to a single server,” in with edge computing for iot: Research challenges and future directions,”
International Workshop on Radio Frequency Identification: Security and IEEE Access, vol. 6, pp. 73 465–73 488, 2018.
Privacy Issues. Springer, 2015, pp. 156–173. [198] W. Gao, W. G. Hatcher, and W. Yu, “A survey of blockchain: Techniques,
[176] C. Papamanthou, E. Shi, and R. Tamassia, “Signatures of correct com- applications, and challenges,” in 2018 27th International Conference on
putation,” in Theory of Cryptography Conference. Springer, 2013, pp. Computer Communication and Networks (ICCCN). IEEE, 2018, pp.
222–242. 1–11.
[177] S. G. Choi, J. Katz, R. Kumaresan, and C. Cid, “Multi-client non-
interactive verifiable computation,” in Theory of Cryptography Confer-
ence. Springer, 2013, pp. 499–518.
[178] K. Pavani and A. Damodaram, “Intrusion detection using mlp for
manets,” in Third International Conference on Computational Intelli-
gence and Information Technology (CIIT 2013), Oct 2013, pp. 440–444.
[179] R. V. Kulkarni and G. K. Venayagamoorthy, “Neural network based
secure media access control protocol for wireless sensor networks,” in
2009 International Joint Conference on Neural Networks. IEEE, 2009,
pp. 1680–1687.
[180] L. Xiao, C. Xie, T. Chen, H. Dai, and H. V. Poor, “A mobile offloading
game against smart attacks,” IEEE Access, vol. 4, pp. 2281–2291, 2016.

VOLUME x, 2019 23

Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures

VIKAS HASSIJA is currently an Assistant Pro- PRANAV GOYAL is currently working as a sum-
fessor at Jaypee Institute of Information and tech- mer intern at Birla Institute of Technology and Sci-
nology (JIIT) , Noida. He received his B.tech de- ence (BITS), Pilani and is expecting B.tech degree
gree from M.D.U University, Rohtak, India, 2010 from Jaypee Institute of Information and Technol-
and M.S. degree in Telecommunications and Soft- ogy, in 2020. He has completed few projects on
ware engineering from Birla Institute of Technol- blockchain applications and machine leaning. His
ogy and Science (BITS), Pilani, India in 2014. areas of interest include distributed computing,
He is currently pursuing Phd from JIIT in IoT IoT and data analytics.
security and blockchain. He has 8 years of industry
experience and has worked with various telecom-
munication companies like Tech Mahindra and Accenture. His research
interests include IoT security, Network security, Blockchain and distributed
computing. BIPLAB SIKDAR [S’98, M’02, SM’09] received
the B.Tech. degree in electronics and communica-
tion engineering from North Eastern Hill Univer-
sity, Shillong, India, in 1996, the M.Tech. degree
VINAY CHAMOLA received his B.E. degree in in electrical engineering from the Indian Institute
electrical electronics engineeerig and Master’s of Technology, Kanpur, India, in 1998, and the
degree in communication engineering from Birla Ph.D. degree in electrical engineering from the
Institute of Technology Science (BITS), Pilani, Rensselaer Polytechnic Institute, Troy, NY, USA,
India in 2010 and 2013 respectively. He received in 2001. He is currently an Associate Professor
his Ph.D. degree in electrical and computer en- with the Department of Electrical and Computer
gineering from the National University of Singa- Engineering, National University of Singapore, Singapore. His research
pore, Singapore, in 2016. From June to Aug. 2015, interests include wireless MAC protocols, transport protocols, network
he was a visiting researcher at the Autonomous security, and queuing theory.
Networks Research Group (ANRG) at University
of Southern California (USC), USA. Currently he is a Research Fellow at
the National University of Singapore. His research interests include solar
powered cellular networks, energy efficiency in cellular networks, internet
of things, and networking issues in cyberphysical systems.

VIKAS SAXENA is currently Professor and head

of computer science and information technology
department at Jaypee Institute of Information and
Technology, Noida, India. He received his B.tech
degree from IET, MJP Rohilkhand University,
Breilly, india in 2000, the M.E degree from VJTI,
Mumbai, India, in 2002, and the Ph.D. degree
in CSE from Jaypee Institute of Information and
Technology, in 2009. He is having more than 17
years of experience of teaching and research. His
research interests include image processing, blockchain, computer vision,
software engineering and multimedia. Dr. Vikas served as Publicity Co-
Chair in the International Conference IC3-2008, India conducted by JIIT
and University of Florida, USA.

DIVYANSH JAIN is currently working as a sum-

mer intern at Birla Institute of Technology and Sci-
ence (BITS), Pilani and is expecting B.tech degree
from Jaypee Institute of Information and Tech-
nology, in 2020. He has completed few projects
on deep learning, blockchain and artificial intel-
ligence. His areas of interest include distributed
algorithms, and data structures.

24 VOLUME x, 2019

This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/.

03-04-24 April
No ratings yet
03-04-24 April
26 pages
IFS Applications 10 Release Notes - Update 26
No ratings yet
IFS Applications 10 Release Notes - Update 26
120 pages
Creating a Security Framework for IoT Devices Against Cyber Threats
No ratings yet
Creating a Security Framework for IoT Devices Against Cyber Threats
53 pages
A Comprehensive and Systematic
No ratings yet
A Comprehensive and Systematic
43 pages
Power BI Class Notes
No ratings yet
Power BI Class Notes
18 pages
Vizard Materials
No ratings yet
Vizard Materials
130 pages
Qualification-Exam-System (1)
No ratings yet
Qualification-Exam-System (1)
39 pages
Exam Simul Course Catalogue 24/25
No ratings yet
Exam Simul Course Catalogue 24/25
12 pages
Mobile Application Development Lab Manual
No ratings yet
Mobile Application Development Lab Manual
61 pages
s11277-020-07649-9
No ratings yet
s11277-020-07649-9
27 pages
Internet of things Survey on security
No ratings yet
Internet of things Survey on security
22 pages
Security, Privacy & Trust in Internet of Things
No ratings yet
Security, Privacy & Trust in Internet of Things
68 pages
4
No ratings yet
4
20 pages
Vulnerability Classification
No ratings yet
Vulnerability Classification
41 pages
SecuritychallengesinIoT Springer
No ratings yet
SecuritychallengesinIoT Springer
25 pages
PiUS 3.0 Manual_English
No ratings yet
PiUS 3.0 Manual_English
14 pages
Electronics 12 00088
No ratings yet
Electronics 12 00088
20 pages
1 s2.0 S2542660522000592 Main
No ratings yet
1 s2.0 S2542660522000592 Main
24 pages
SOP goa police clearance application
No ratings yet
SOP goa police clearance application
9 pages
Sensors 22 07433 v3
No ratings yet
Sensors 22 07433 v3
51 pages
Career Councelling
No ratings yet
Career Councelling
48 pages
70 341 PDF
No ratings yet
70 341 PDF
38 pages
Chapter 4 Using Excel as Database
No ratings yet
Chapter 4 Using Excel as Database
4 pages
Internet of Things (IoT) Security Intelligence- A Comprehensive Overview, Machine Learning Solutions and Research Directions
No ratings yet
Internet of Things (IoT) Security Intelligence- A Comprehensive Overview, Machine Learning Solutions and Research Directions
17 pages
Eliminate the Shadow : IT Solutions to Secure the Looming Threat of the Internet of Things
No ratings yet
Eliminate the Shadow : IT Solutions to Secure the Looming Threat of the Internet of Things
11 pages
TTK IEEE
No ratings yet
TTK IEEE
6 pages
Internet of Things Security A Top Down Survey
No ratings yet
Internet of Things Security A Top Down Survey
23 pages
ICS - 103 - Practice Questions
No ratings yet
ICS - 103 - Practice Questions
15 pages
Docnumero 9
No ratings yet
Docnumero 9
21 pages
Research
No ratings yet
Research
20 pages
Dot Net Module-3 Notes
No ratings yet
Dot Net Module-3 Notes
33 pages
Document From Ρενέ
No ratings yet
Document From Ρενέ
9 pages
An Efficient Multi-Objective Particle Swarm Optimization Based Ranking System For Cloud Service Selection
No ratings yet
An Efficient Multi-Objective Particle Swarm Optimization Based Ranking System For Cloud Service Selection
24 pages
A_Survey_on_Security_and_Privacy_Issues_in_Internet-of-Things
No ratings yet
A_Survey_on_Security_and_Privacy_Issues_in_Internet-of-Things
9 pages
Future Generation Computer Systems: Kewei Sha Wei Wei T. Andrew Yang Zhiwei Wang Weisong Shi
No ratings yet
Future Generation Computer Systems: Kewei Sha Wei Wei T. Andrew Yang Zhiwei Wang Weisong Shi
12 pages
A Review of Security in Internet of Things
No ratings yet
A Review of Security in Internet of Things
20 pages
BP 20C25 20C25 Brochure 3
No ratings yet
BP 20C25 20C25 Brochure 3
8 pages
A Survey of IoT Authentication Schemes
No ratings yet
A Survey of IoT Authentication Schemes
43 pages
23-Submission+362+pp+124-131
No ratings yet
23-Submission+362+pp+124-131
8 pages
A Survey On Security in Internet of Things With A Focus On The Impact of Emerging Technologies - Elsevier Enhanced Reader
No ratings yet
A Survey On Security in Internet of Things With A Focus On The Impact of Emerging Technologies - Elsevier Enhanced Reader
24 pages
Frustaci 2017
No ratings yet
Frustaci 2017
13 pages
Report 19
No ratings yet
Report 19
20 pages
A Survey On Security and Privacy Issues in Internet-of-Things
No ratings yet
A Survey On Security and Privacy Issues in Internet-of-Things
9 pages
Cybersecurity Threats in The Internet of Things (Iot) : Apurv Parashar
No ratings yet
Cybersecurity Threats in The Internet of Things (Iot) : Apurv Parashar
8 pages
Resume of Eve
No ratings yet
Resume of Eve
5 pages
glpi-telegram-full
No ratings yet
glpi-telegram-full
4 pages
Security Considerations For Internet of Things: A Survey
No ratings yet
Security Considerations For Internet of Things: A Survey
19 pages
E-Tutorial - TRACES PDF Generation Utility
No ratings yet
E-Tutorial - TRACES PDF Generation Utility
25 pages
IOT Tasks
No ratings yet
IOT Tasks
9 pages
Evaluating Critical Security Issues of The IoT World: Present and Future Challenges
No ratings yet
Evaluating Critical Security Issues of The IoT World: Present and Future Challenges
13 pages
Systematic Review of Internet of Things Security: Amiruddin Amiruddin, Anak Agung Putri Ratna, and Riri Fitri Sari
No ratings yet
Systematic Review of Internet of Things Security: Amiruddin Amiruddin, Anak Agung Putri Ratna, and Riri Fitri Sari
8 pages
Training Design-Matrix School Backyard Camping Jan2018
No ratings yet
Training Design-Matrix School Backyard Camping Jan2018
5 pages
1 s2.0 S2772918424000237 Main
No ratings yet
1 s2.0 S2772918424000237 Main
18 pages
SkillMaster Official
No ratings yet
SkillMaster Official
15 pages
Gulzar 2019
No ratings yet
Gulzar 2019
6 pages
Alaba Othman Et Al 2017 Internet of Things - Survey
No ratings yet
Alaba Othman Et Al 2017 Internet of Things - Survey
19 pages
Sensors 23 04117 v2
No ratings yet
Sensors 23 04117 v2
46 pages
An 13563
No ratings yet
An 13563
47 pages
Research Project Report
No ratings yet
Research Project Report
9 pages
FALLSEM2018-19 - MAT5009 - TH - TT531 - VL2018191004951 - Reference Material I - 18 - Forward and Backward Analysis
No ratings yet
FALLSEM2018-19 - MAT5009 - TH - TT531 - VL2018191004951 - Reference Material I - 18 - Forward and Backward Analysis
12 pages
InternetofThingsSecurityASurvey
No ratings yet
InternetofThingsSecurityASurvey
5 pages
Cloud Services Ranking Based On Qos Attributes: Ntroduction
No ratings yet
Cloud Services Ranking Based On Qos Attributes: Ntroduction
7 pages
Analyzing Security Approaches For Threats Vulnerabilities and Attacks in An IoT Environment
No ratings yet
Analyzing Security Approaches For Threats Vulnerabilities and Attacks in An IoT Environment
7 pages
Abomhara 2014
No ratings yet
Abomhara 2014
8 pages
A Survey On Security Issues and Secure Frameworks in Internet of Things IoT
No ratings yet
A Survey On Security Issues and Secure Frameworks in Internet of Things IoT
9 pages
On The Security Aspects of Internet of Things: A Systematic Literature Review
No ratings yet
On The Security Aspects of Internet of Things: A Systematic Literature Review
14 pages
1 s2.0 S1877050918321379 Main
No ratings yet
1 s2.0 S1877050918321379 Main
5 pages
IoT Arch PDF
No ratings yet
IoT Arch PDF
32 pages
E3sconf Icsdg2023 01048
No ratings yet
E3sconf Icsdg2023 01048
8 pages
Internet of Things Security and Forensics Concern and Challenges
No ratings yet
Internet of Things Security and Forensics Concern and Challenges
6 pages
The Effect of Iot New Features On Security and Privacy: New Threats, Existing Solutions, and Challenges Yet To Be Solved
No ratings yet
The Effect of Iot New Features On Security and Privacy: New Threats, Existing Solutions, and Challenges Yet To Be Solved
11 pages
Wa0002.
No ratings yet
Wa0002.
28 pages
19 - Evaluating Critical Security Issues of The IoT World, Present and Future Challenges
No ratings yet
19 - Evaluating Critical Security Issues of The IoT World, Present and Future Challenges
13 pages
Paper 50-Security Issues in The Internet of Things
No ratings yet
Paper 50-Security Issues in The Internet of Things
7 pages
Release Notes
No ratings yet
Release Notes
3 pages
E-Books Palace Campus Books: EBSCO Management Database
No ratings yet
E-Books Palace Campus Books: EBSCO Management Database
8 pages
A Review on Cybersecurity Challenges in IoT Devices
No ratings yet
A Review on Cybersecurity Challenges in IoT Devices
7 pages
Security and Privacy in The Internet of Things Current Status and Open Issues
No ratings yet
Security and Privacy in The Internet of Things Current Status and Open Issues
8 pages
Security Threats in Iot: Vision, Technologies & Research Challenges
No ratings yet
Security Threats in Iot: Vision, Technologies & Research Challenges
10 pages
Apple Warranty Coverage Check IMEICheck.com
No ratings yet
Apple Warranty Coverage Check IMEICheck.com
1 page
Batch9 DataSecurityInIot
No ratings yet
Batch9 DataSecurityInIot
19 pages
DBMS Chapter 9
No ratings yet
DBMS Chapter 9
3 pages
Data-Analyst2 - Template 18
No ratings yet
Data-Analyst2 - Template 18
1 page
Technical Product Guide, Tricon v9.4 PDF
No ratings yet
Technical Product Guide, Tricon v9.4 PDF
88 pages
Recent Developments in IoT Security and Privacy: A Review of Best Practices with Challenges and Emerging Solutions
No ratings yet
Recent Developments in IoT Security and Privacy: A Review of Best Practices with Challenges and Emerging Solutions
7 pages
22CST201-Programming in C Syllabus
No ratings yet
22CST201-Programming in C Syllabus
2 pages
A Survey On IoT Security Application Areas Security Threats and Solution Architectures
No ratings yet
A Survey On IoT Security Application Areas Security Threats and Solution Architectures
23 pages
Security in IoT
100% (1)
Security in IoT
8 pages
DQLab - Python Practice Chapter List
No ratings yet
DQLab - Python Practice Chapter List
4 pages
Foreign Publishers Indian Publishers Doabooks PDF Drive Free Ebooks Gutenberg Many Books Open Culture Kobo
0% (1)
Foreign Publishers Indian Publishers Doabooks PDF Drive Free Ebooks Gutenberg Many Books Open Culture Kobo
3 pages
Apps Table-Query Main
No ratings yet
Apps Table-Query Main
11 pages
Security, Privacy and Trust in Internet of Things The Road Ahead PDF
No ratings yet
Security, Privacy and Trust in Internet of Things The Road Ahead PDF
19 pages
7CS081 Advanced Security Protocols
No ratings yet
7CS081 Advanced Security Protocols
13 pages
SMART DEFENSES: MACHINE LEARNING-BASED PROACTIVE CYBER ATTACK DETECTION IN IOT SYSTEMS
No ratings yet
SMART DEFENSES: MACHINE LEARNING-BASED PROACTIVE CYBER ATTACK DETECTION IN IOT SYSTEMS
5 pages
SAP ABAP Central - Data Migration - Using A Single Program To Upload Any Database Table
No ratings yet
SAP ABAP Central - Data Migration - Using A Single Program To Upload Any Database Table
8 pages
Condition Based Maintenance Optimization Considering Multiple Objectives
100% (1)
Condition Based Maintenance Optimization Considering Multiple Objectives
9 pages
IoT Applications and Use Cases
From Everand
IoT Applications and Use Cases
Houcem2028
No ratings yet
Botnet Attack Detection in the Internet of Things Using Selected Learning Algorithms: A Research Study on Securing IoT Against Cyber Threats Using Machine Learning
From Everand
Botnet Attack Detection in the Internet of Things Using Selected Learning Algorithms: A Research Study on Securing IoT Against Cyber Threats Using Machine Learning
Bolakale Aremu
5/5 (1)

A Survey On Iot Security: Application Areas, Security Threats, and Solution Architectures

Uploaded by

A Survey On Iot Security: Application Areas, Security Threats, and Solution Architectures

Uploaded by

This article has been accepted for publication in a future issue of this journal, but has not been

A Survey on IoT Security: Application

I. INTRODUCTION of IoT. In future, the devices are not only expected to be

FIGURE 1: Present and Future Architecture of IoT.

TABLE 1: Comparison of Security of IT devices and IoT devices.

Widespread IT Security IoT security

TABLE 2: Related Surveys on IoT Security

5. Smart Retail: IoT applications are being extensively

FIGURE 3: Types of Attacks on IoT.

applications. ture [45].

FIGURE 5: Working process of Blockchain

TABLE 4: Challenges in IoT and Possible Blockchain Solution

Challenge Towards IoT Specification Possible Blockchain Solution

FIGURE 6: Basic Blockchain Architecture.

goal is to enhance security, prevent data thefts, minimize the

D. SOLUTIONS PROVIDED BY FOG COMPUTING TO

TABLE 5: Characteristics and Solutions provided by Fog Computing

Characterstics Solutions Provided By Fog

have been proposed in [170]. A. SOLUTIONS PROVIDED BY ML TO OVERCOME

which are discussed below.

VIKAS SAXENA is currently Professor and head

DIVYANSH JAIN is currently working as a sum-

You might also like