Internet of things (IoT) is realized by the idea of free flow of information amongst various low-power embedded devices that use the Internet to communicate with one another. It is predicted that the IoT will be widely deployed and will find applicability in various domains of life. Demands of IoT have lately attracted huge attention, and organizations are excited about the business value of the data that will be generated by deploying such networks. On the contrary, IoT has various security and privacy concerns for the end users that limit its proliferation. In this paper, we have identified, categorized, and discussed various security challenges and state-of-the-art efforts to resolve these challenges.
The emerging trends in embedded technologies and the Internet have enabled objects surrounding us to be interconnected with each other. We envision a future where IoT devices will be invisibly embedded in the environment around us and would be generating an enormous amount of data. These data would have to be saved and processed to make it understandable and useful.
An IoT model involves numerous actors which include mobile operators, software developers, access technology providers, and so on. The application domains of IoT are also very broad and such networks can be deployed in manufacturing, utility management, agriculture, and healthcare. IoT can be seen as the next generation interconnection paradigm which will enable connectivity among people’s devices and machines enabling actions to happen without human intervention. The success of the IoT world requires a merger of a different communication infrastructure. This has lead to the design of smart gateways to connect IoT devices with the traditional Internet. Most recent efforts are directed to interconnect IoT infrastructure and cloud computing which supplements the potentials of IoT.
Increasing complexity of IoT networks also magnifies the security challenges faced by such networks. The complexity of IoT networks is attributed to the huge amount of devices connected to the Internet along with huge data generated by these devices. Attacks in IoT are possible as the devices in the IoT network are an easy target for intrusion [
In this paper, we have discussed the state-of-the-art efforts to secure IoT networks and applications from the attacks and vulnerabilities briefly highlighted above. The IoT security challenges mainly fall under privacy in IoT, lightweight cryptographic framework for IoT, secure routing and forwarding in IoT, robustness and resilience management in IoT and DoS, and insider attack detection in IoT. Furthermore, we have identified and discussed open issues and challenges in each of the domains mentioned above.
The rest of the paper is organized as follows. Section
Privacy in IoT is a prime security issue that needs full attention from researchers in academia and industry. There is a dire need to propose protocols and management frameworks to handle privacy in IoT. IoT has become an integral part in various applications like remote patient monitoring, energy consumption control, traffic control, and smart parking system. In all of these applications, users require protection of personal information which is related to their movement, habits, and interactions with other people.
With regards to privacy in IoT, every solution or framework must address the following challenges:
In this section, we discuss existing efforts in the direction of ensuring privacy in IoT application especially body sensor networks.
Most recent work which addresses the security and privacy challenges of cloud-based IoT can be found in [
The authors in [
A detailed discussion on security threats and privacy in IoT architectures can be found in [
In [
Efforts in managing privacy for IoT by efficient data tagging through IFC (information flow control) tags can be found in [
In [
Enabling technologies for IoT privacy provisioning such as RFID can be found in [
In [
Medical sensor networks (MSNs) require efficient and reliable access control that is a crucial requirement to authorizing staff to access private medical data and ensure productive and dependable access control. The authors in [
In [
The authors in [
In [
The authors in [
In [
In [
Latest evaluations of IoT networks for security and privacy can be found in [
A comprehensive survey of privacy and trust issues in IoT can be found in [
In [
The research community has proposed protocols for ensuring privacy in IoT; such as in [
Some of the major open issues and/or future directions that are emerging in the domain of privacy for IoT are listed as follows:
IoT introduces new challenges in terms of energy and power consumption. It is desired that the cryptographic primitives designed for IoT should be lightweight. These primitives must consume fewer resources without compromising the required level of security. Hence, the research community has started focusing on lightweight cryptography. Properties of lightweight cryptography are discussed in ISO/IEC 29192 and ISO/IEC JTC 1/SC 27. There is also a project of lightweight cryptography (ISO/IEC 29192) under the process of standardization. Lightweight cryptography in ISO/IEC 29192 is described based on the target platform. Chip size and energy consumption are important measures to assess lightweight properties. Furthermore, small code and/or RAM size are preferable for lightweight applications in case of software implementation.
Given the constraints of hardware resources, there is a need to design a lightweight cryptographic framework for IoT. This can be achieved by proposing cryptographic primitives that need to be revisited and designed considering the constraints of IoT devices.
In this section, we discuss efforts in the direction of proposing a lightweight cryptographic framework for IoT.
The authors in [
In [
The authors in [
Lightweight key predistribution schemes can be found in [
The authors in [
Efforts in proposing a lightweight security framework can be found in [
Standard compliant security framework can be found in [
In [
In [
We have identified following shortcomings for potential future work directions in this area:
IP-based IoT inherits attack threats of IPv4. Some of these well-known attacks are black-hole attacks, sybil, spoofing, smurfing, eavesdropping, neighbor discovery, man-in-the-middle, rogue devices, and fragmentation attacks. This means IoT is in need of the same security measures as required for IPv4, as it is envisioned with IoT that the physical world will be connected with the Internet which leads to a wide variety of security concerns. Attack threats not only include manipulation of information but actual control of devices in IoT network. With more electronic systems, i.e., Modbus, SCADA becoming part of IP-based systems, a significant increase in attacks are expected. This adds new security threats as heterogeneous devices become part of the IoT network.
In a wireless mobile network, a route is established when route information is transmitted from node to node until the destination is found. Throughout this route maintenance phase, nodes are added or deleted. Furthermore, these nodes may unnecessarily delay transmission of control information, which usually is done by selfish or misbehaving nodes. During this phase of route setup and discovery, several attacks are possible by malicious nodes in routing information. For example, a certain node may introduce a routing table overflow attack by transmitting a huge amount of false route information to neighboring nodes which cause the neighbor’s routing table to overflow. Due to such actions, the table is filled with spurious routes and real routes are denied to occupy the routing table.
The key challenges in secure routing and forwarding are highlighted below:
In this section, we discuss efforts in the direction of secure routing and forwarding in IoT.
IoT not only requires provisioning of security services but often experiences problems in routing and forwarding the data. Securing a routing algorithm for IoT has become a crucial requirement. A comprehensive state of the art in securing routing for WSN can be found in [
In [
The authors in [
Advance security attacks in routing can be found in [
Secure multihop routing for IoT is proposed in [
There are several efforts where researchers have proposed trust-aware routing algorithms such as in [
Other such efforts in proposing a secure routing algorithm for IoT can be found in [
In addition to efforts in secure routing, there are proposals of detecting devastating attacks in IoT routing; such as in [
We have identified following shortcomings for potential future work directions in this area:
IoT network constitutes heterogeneous devices where managing such kind of network is not an easy task. Lately, researchers have focused their attention towards service-oriented architecture (SOA) for the management of IoT [
The key challenges in robustness and resilience management are highlighted below:
In this section, we discuss efforts in the direction of ensuring robustness in IoT network.
In [
Efforts in fault management can be found in [
In another work [
In [
People have approached the problem of ensuring robustness in IoT network by proposing protocols and network management framework. Faults in IoT network can occur due to either network attacks or depletion of energy. Efforts in tackling faults are numerous, and most of them have not considered the resource constraint nature of IoT devices. Centralizing the network view can ensure failures over IoT network to be controlled and provision fault-tolerant routing. As the decisions of routing will be concentrated on the controller, it will be possible to detect faults centrally. By detecting faults, decisions to divert the traffic to an alternative server or path will be carried out at the controller. Creative solutions that detect faults in a timely manner are required so that actions can be taken promptly to handle the situation by suggesting alternate possibilities.
Denial of service (DoS) attacks have devastating effects on IoT applications [
With IoT becoming an integral part of business applications. Businesses face a remarkable challenge of understanding and addressing risks of protecting themselves from a range of insider attacks. These attacks are usually launched by the use of devices that are unknown and remain undetectable and unmanaged by the IoT applications.
The key challenges in DoS and insider attacks are highlighted below:
In this section, we discuss efforts in countering DDoS and insider attacks in IoT.
Insider attacks have received attention from researchers such as in [
Efforts addressing DDoS attacks in IoT are discussed as follows. In [
A detailed description of IDS for IoT i.e., SCADA can be found in [
In [
In [
Most of the proposed frameworks for tackling DDoS and insider attacks are based on monitoring system and detection engine. Implementing a detection engine over IoT network is resource consuming as they are based on AI algorithms. Hence, novel lightweight solutions for detecting DoS attacks is required. Apart from novel lightweight solutions, emerging paradigm of SDN enables monitoring of network state from a central point called controller. By monitoring flows at the controller, it is possible to implement algorithms to detect DDoS attacks and malicious activities such as insider attack [
Comparison of challenges and open/future issues for different security requirements in IoT network.
Security requirements | Challenges | Open issues and future directions |
---|---|---|
Profiling and tracking | Comprehensive privacy-preserving frameworks | |
Privacy | Localization | Context-aware privacy policies |
Secure data transmission | Game theory based privacy-preserving incentives | |
Network virtualization and SDNs | ||
|
||
Confidentiality | Lightweight primitives | Efficient holistic frameworks |
Consume low resource | Utilization of SDNs for lightweight security provisioning | |
|
||
Secure routing | Secure route establishment | IoT network performance focused routing protocol design |
Isolation of malicious nodes | Effective and fine grained control over routing activities leveraging SDN | |
Self-stabilization of the security protocol | ||
Preservation of location privacy | ||
|
||
Robust and resilient management | Attack tolerance | SDN-based centralized management frameworks |
Early detection of attacks | ||
Quick recovery from failures | ||
|
||
Attack detection (DDOS and insider) | Resource efficient DoS attack detection | Lightweight solution for resource constraint device |
Resource efficient countermeasures | Centralized SDN detection and mitigation algorithms | |
Resource efficient insider attack detection |
In this paper, we have categorized and discussed the state-of-the-art work done in ensuring security in the IoT network. Efforts in privacy provisioning, lightweight cryptographic framework, secure routing and forwarding, robustness and resilience management, denial of service, and insider attack detection are discussed comprehensively. Privacy is crucial in IoT especially as the characteristics of such a network is different than the typical Internet network. Such issues and requirements are identified and discussed in this paper. Besides privacy for ensuring security in the IoT network, lightweight cryptographic primitives are required which are suited for IoT network. All the efforts in this direction are compiled and future actions are discussed.
In order to preserve privacy, context-aware techniques and lightweight protocols are proposed and most lately virtualization techniques are used to maintain the integrity of the data. For lightweight cryptographic primitives, novel solutions are required which should consume limited resources of an IoT mote. Apart from that, SDN solution offers to implement lightweight cryptographic solutions over IoT with the assistance of centralized routing carried at the SDN controller. IoT network experiences failures due to IoT nodes being subjected to heterogeneous kind of network attacks. Efforts in this direction are discussed with future insight. Faulty nodes within the IoT network can be experienced due to denial of service attacks launched by multiple coordinated nodes. Furthermore, such faults are prevalent due to frequent insider attack within the IoT network. To realize fault tolerance in IoT, centralized monitoring of the network state is required in order to timely react to counter faulty nodes within the network. Virtualization technology like SDN offers to centralize monitoring of the network which can assist in suggesting alternative servers or path to ensure consistent provisioning of service. As far as DDoS in IoT is concerned, lightweight detection engine suitable for IoT is required to detect and mitigate DDoS in a timely manner. Centralized monitoring enabled by SDN can assist in detecting DDoS and mitigate them within an IoT network.
For all of the security requirements, there is a need for a centralized management framework which can provide all the discussed security issues and requirements within the IoT network. SDN is a hot candidate which provides central configuration of the network by the controller which manages the network. Initial efforts in this direction can be found in [
The authors declare that they have no conflicts of interest.