scispace - formally typeset
Search or ask a question
Journal ArticleDOI

A Survey on Internet of Things: Security and Privacy Issues

26 Mar 2014-International Journal of Computer Applications (Foundation of Computer Science (FCS))-Vol. 90, Iss: 11, pp 20-26
TL;DR: This survey summarizes the security threats and privacy concerns of IoT.
Abstract: This paper introduces Internet of Things (IoTs), which offers capabilities to identify and connect worldwide physical objects into a unified system. As a part of IoTs, serious concerns are raised over access of personal information pertaining to device and individual privacy. This survey summarizes the security threats and privacy concerns of IoT..

Content maybe subject to copyright    Report

Citations
More filters
Proceedings ArticleDOI
07 Jun 2015
TL;DR: This paper gives an introduction to industrial IoT systems, the related security and privacy challenges, and an outlook on possible solutions towards a holistic security framework for Industrial IoT systems.
Abstract: Today, embedded, mobile, and cyberphysical systems are ubiquitous and used in many applications, from industrial control systems, modern vehicles, to critical infrastructure. Current trends and initiatives, such as "Industrie 4.0" and Internet of Things (IoT), promise innovative business models and novel user experiences through strong connectivity and effective use of next generation of embedded devices. These systems generate, process, and exchange vast amounts of security-critical and privacy-sensitive data, which makes them attractive targets of attacks. Cyberattacks on IoT systems are very critical since they may cause physical damage and even threaten human lives. The complexity of these systems and the potential impact of cyberattacks bring upon new threats. This paper gives an introduction to Industrial IoT systems, the related security and privacy challenges, and an outlook on possible solutions towards a holistic security framework for Industrial IoT systems.

761 citations


Cites background from "A Survey on Internet of Things: Sec..."

  • ...Figure 2) [12, 37, 74, 65, 33, 73, 2, 71, 30]....

    [...]

  • ...With the increasing number of interconnected CPPS and the possibility to use Big Data techniques to analyze data collected by CPPS, privacy becomes a fundamental aspect [42, 30]....

    [...]

  • ...The foundation of Industrial IoT are cyberphsical systems (CPS), which are computing platforms that monitor and control physical processes [30]....

    [...]

Journal ArticleDOI
01 Feb 2018
TL;DR: This paper surveys the security of the main IoT frameworks, and shows that the same standards used for securing communications, whereas different methodologies followed for providing other security properties are shown.
Abstract: The Internet of Things (IoT) is heavily affecting our daily lives in many domains, ranging from tiny wearable devices to large industrial systems. Consequently, a wide variety of IoT applications have been developed and deployed using different IoT frameworks. An IoT framework is a set of guiding rules, protocols, and standards which simplify the implementation of IoT applications. The success of these applications mainly depends on the ecosystem characteristics of the IoT framework, with the emphasis on the security mechanisms employed in it, where issues related to security and privacy are pivotal. In this paper, we survey the security of the main IoT frameworks, a total of 8 frameworks are considered. For each framework, we clarify the proposed architecture, the essentials of developing third-party smart apps, the compatible hardware, and the security features. Comparing security architectures shows that the same standards used for securing communications, whereas different methodologies followed for providing other security properties.

616 citations


Cites background from "A Survey on Internet of Things: Sec..."

  • ...Authors in [17], [18] addressed the security and privacy issues in IoT at each layer identified in the 3-layer architecture [3]....

    [...]

Journal ArticleDOI
TL;DR: This survey aims to shape a coherent and comprehensive picture of the current state-of-the-art efforts in this direction by starting with fundamental working principles of blockchains and how blockchain-based systems achieve the characteristics of decentralization, security, and auditability.
Abstract: The blockchain technology has revolutionized the digital currency space with the pioneering cryptocurrency platform named Bitcoin. From an abstract perspective, a blockchain is a distributed ledger capable of maintaining an immutable log of transactions happening in a network. In recent years, this technology has attracted significant scientific interest in research areas beyond the financial sector, one of them being the Internet of Things (IoT). In this context, the blockchain is seen as the missing link toward building a truly decentralized, trustless, and secure environment for the IoT and, in this survey, we aim to shape a coherent and comprehensive picture of the current state-of-the-art efforts in this direction. We start with fundamental working principles of blockchains and how blockchain-based systems achieve the characteristics of decentralization, security, and auditability. From there, we build our narrative on the challenges posed by the current centralized IoT models, followed by recent advances made both in industry and research to solve these challenges and effectively use blockchains to provide a decentralized, secure medium for the IoT.

553 citations


Cites background from "A Survey on Internet of Things: Sec..."

  • ...Other issues associated with a centralized model are of security [76], [77], data privacy [78] and the trust inherently required in using centralized servers [79]....

    [...]

Journal ArticleDOI
TL;DR: A comprehensive survey of ML methods and recent advances in DL methods that can be used to develop enhanced security methods for IoT systems and presents the opportunities, advantages and shortcomings of each method.
Abstract: The Internet of Things (IoT) integrates billions of smart devices that can communicate with one another with minimal human intervention. IoT is one of the fastest developing fields in the history of computing, with an estimated 50 billion devices by the end of 2020. However, the crosscutting nature of IoT systems and the multidisciplinary components involved in the deployment of such systems have introduced new security challenges. Implementing security measures, such as encryption, authentication, access control, network and application security for IoT devices and their inherent vulnerabilities is ineffective. Therefore, existing security methods should be enhanced to effectively secure the IoT ecosystem. Machine learning and deep learning (ML/DL) have advanced considerably over the last few years, and machine intelligence has transitioned from laboratory novelty to practical machinery in several important applications. Consequently, ML/DL methods are important in transforming the security of IoT systems from merely facilitating secure communication between devices to security-based intelligence systems. The goal of this work is to provide a comprehensive survey of ML methods and recent advances in DL methods that can be used to develop enhanced security methods for IoT systems. IoT security threats that are related to inherent or newly introduced threats are presented, and various potential IoT system attack surfaces and the possible threats related to each surface are discussed. We then thoroughly review ML/DL methods for IoT security and present the opportunities, advantages and shortcomings of each method. We discuss the opportunities and challenges involved in applying ML/DL to IoT security. These opportunities and challenges can serve as potential future research directions.

543 citations


Cites background from "A Survey on Internet of Things: Sec..."

  • ...For example, Surveys [11]–[17] reviewed extant research and classified the challenges in encryption, authentication, access control, network security and application security in IoT systems....

    [...]

  • ...For example, Surveys [13-19] reviewed extant research and classified the challenges in encryption, authentication, access control, network security and application security in IoT systems....

    [...]

Journal ArticleDOI
TL;DR: A comprehensive top down survey of the most recent proposed security and privacy solutions in IoT in terms of flexibility and scalability and a general classification of existing solutions is given.

432 citations


Cites background from "A Survey on Internet of Things: Sec..."

  • ...In [14, 74, 127, 137, 108, 66], authors underlined the security challenges and issues in IoT without discussing the various solutions proposed for these challenges....

    [...]

References
More filters
Journal ArticleDOI
TL;DR: This survey is directed to those who want to approach this complex discipline and contribute to its development, and finds that still major issues shall be faced by the research community.

12,539 citations

Journal ArticleDOI
TL;DR: The fields of application for IoT technologies are as numerous as they are diverse, as IoT solutions are increasingly extending to virtually all areas of everyday.
Abstract: It has been next to impossible in the past months not to come across the term ‘‘Internet of Things’’ (IoT) one way or another. Especially the past year has seen a tremendous surge of interest in the Internet of Things. Consortia have been formed to define frameworks and standards for the IoT. Companies have started to introduce numerous IoTbased products and services. And a number of IoT-related acquisitions have been making the headlines, including, e.g., the prominent takeover of Nest by Google for $3.2 billion and the subsequent acquisitions of Dropcam by Nest and of SmartThings by Samsung. Politicians as well as practitioners increasingly acknowledge the Internet of Things as a real business opportunity, and estimates currently suggest that the IoT could grow into a market worth $7.1 trillion by 2020 (IDC 2014). While the term Internet of Things is now more and more broadly used, there is no common definition or understanding today of what the IoT actually encompasses. The origins of the term date back more than 15 years and have been attributed to the work of the Auto-ID Labs at the Massachusetts Institute of Technology (MIT) on networked radio-frequency identification (RFID) infrastructures (Atzori et al. 2010; Mattern and Floerkemeier 2010). Since then, visions for the Internet of Things have been further developed and extended beyond the scope of RFID technologies. The International Telecommunication Union (ITU) for instance now defines the Internet of Things as ‘‘a global infrastructure for the Information Society, enabling advanced services by interconnecting (physical and virtual) things based on, existing and evolving, interoperable information and communication technologies’’ (ITU 2012). At the same time, a multitude of alternative definitions has been proposed. Some of these definitions exhibit an emphasis on the things which become connected in the IoT. Other definitions focus on Internet-related aspects of the IoT, such as Internet protocols and network technology. And a third type centers on semantic challenges in the IoT relating to, e.g., the storage, search and organization of large volumes of information (Atzori et al. 2010). The fields of application for IoT technologies are as numerous as they are diverse, as IoT solutions are increasingly extending to virtually all areas of everyday. The most prominent areas of application include, e.g., the smart industry, where the development of intelligent production systems and connected production sites is often discussed under the heading of Industry 4.0. In the smart home or building area, intelligent thermostats and security systems are receiving a lot of attention, while smart energy applications focus on smart electricity, gas and water meters. Smart transport solutions include, e.g., vehicle fleet tracking and mobile ticketing, while in the smart health area, topics such as patients’ surveillance and chronic disease management are being addressed. And in the context of Accepted after one revision by Prof. Dr. Sinz.

3,499 citations

Journal ArticleDOI
TL;DR: This paper surveys context awareness from an IoT perspective and addresses a broad range of techniques, methods, models, functionalities, systems, applications, and middleware solutions related to context awareness and IoT.
Abstract: As we are moving towards the Internet of Things (IoT), the number of sensors deployed around the world is growing at a rapid pace. Market research has shown a significant growth of sensor deployments over the past decade and has predicted a significant increment of the growth rate in the future. These sensors continuously generate enormous amounts of data. However, in order to add value to raw sensor data we need to understand it. Collection, modelling, reasoning, and distribution of context in relation to sensor data plays critical role in this challenge. Context-aware computing has proven to be successful in understanding sensor data. In this paper, we survey context awareness from an IoT perspective. We present the necessary background by introducing the IoT paradigm and context-aware fundamentals at the beginning. Then we provide an in-depth analysis of context life cycle. We evaluate a subset of projects (50) which represent the majority of research and commercial solutions proposed in the field of context-aware computing conducted over the last decade (2001-2011) based on our own taxonomy. Finally, based on our evaluation, we highlight the lessons to be learnt from the past and some possible directions for future research. The survey addresses a broad range of techniques, methods, models, functionalities, systems, applications, and middleware solutions related to context awareness and IoT. Our goal is not only to analyse, compare and consolidate past research work but also to appreciate their findings and discuss their applicability towards the IoT.

2,542 citations


"A Survey on Internet of Things: Sec..." refers background in this paper

  • ...1 Definition of Internet of Things [1]....

    [...]

  • ...In addition, we identified several open issues related to the security and privacy that need to be addressed by research community to make a secure and trusted platform for the delivery of future Internet of Things....

    [...]

  • ...1, the IoTs allow people and things to be connected anytime, anyplace, with anything and anyone, ideally using any path/network and any service [1]....

    [...]

  • ...Internet of Things virtually is a network of real world systems with real-time interactions....

    [...]

  • ...what we want, and what we need and act accordingly without explicit instructions [1]....

    [...]

Journal ArticleDOI
TL;DR: The wireless communications stack the industry believes to meet the important criteria of power-efficiency, reliability and Internet connectivity, and the protocol stack proposed in the present work converges towards the standardized notations of the ISO/OSI and TCP/IP stacks is proposed.
Abstract: We have witnessed the Fixed Internet emerging with virtually every computer being connected today; we are currently witnessing the emergence of the Mobile Internet with the exponential explosion of smart phones, tablets and net-books. However, both will be dwarfed by the anticipated emergence of the Internet of Things (IoT), in which everyday objects are able to connect to the Internet, tweet or be queried. Whilst the impact onto economies and societies around the world is undisputed, the technologies facilitating such a ubiquitous connectivity have struggled so far and only recently commenced to take shape. To this end, this paper introduces in a timely manner and for the first time the wireless communications stack the industry believes to meet the important criteria of power-efficiency, reliability and Internet connectivity. Industrial applications have been the early adopters of this stack, which has become the de-facto standard, thereby bootstrapping early IoT developments with already thousands of wireless nodes deployed. Corroborated throughout this paper and by emerging industry alliances, we believe that a standardized approach, using latest developments in the IEEE 802.15.4 and IETF working groups, is the only way forward. We introduce and relate key embodiments of the power-efficient IEEE 802.15.4-2006 PHY layer, the power-saving and reliable IEEE 802.15.4e MAC layer, the IETF 6LoWPAN adaptation layer enabling universal Internet connectivity, the IETF ROLL routing protocol enabling availability, and finally the IETF CoAP enabling seamless transport and support of Internet applications. The protocol stack proposed in the present work converges towards the standardized notations of the ISO/OSI and TCP/IP stacks. What thus seemed impossible some years back, i.e., building a clearly defined, standards-compliant and Internet-compliant stack given the extreme restrictions of IoT networks, is commencing to become reality.

723 citations


"A Survey on Internet of Things: Sec..." refers methods in this paper

  • ...From the transport layer and an application perspective, the introduction of the IETF CoAP protocol family has been instrumental in ensuring that application layers and applications themselves do not need to be re-engineered to run over low-power embedded networks [3]....

    [...]

01 May 2000
TL;DR: This Glossary (191 pages of definitions and 13 pages of references) provides abbreviations, explanations, and recommendations for use of information system security terminology to improve the comprehensibility of writing that deals with Internet security, particularly Internet Standards documents (ISDs).
Abstract: This Glossary (191 pages of definitions and 13 pages of references) provides abbreviations, explanations, and recommendations for use of information system security terminology. The intent is to improve the comprehensibility of writing that deals with Internet security, particularly Internet Standards documents (ISDs). To avoid confusion, ISDs should use the same term or definition whenever the same concept is mentioned. To improve international understanding, ISDs should use terms in their plainest, dictionary sense. ISDs should use terms established in standards documents and other well-founded publications and should avoid substituting private or newly made-up terms. ISDs should avoid terms that are proprietary or otherwise favor a particular vendor, or that create a bias toward a particular security technology or mechanism versus other, competing techniques that already exist or might be developed in the future.

388 citations


"A Survey on Internet of Things: Sec..." refers background in this paper

  • ...Privacy Concerns in IOTs The Internet security glossary [9] defines privacy as "the right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others"....

    [...]