A Review of Security in Internet of Things

Wireless Personal Communications

Abstract

The Internet of Things (IoT) has drawn significant attention in recent years since it has made revolutionary changes in human life. The IoT enables the exchange of information in a wide variety of applications such as smart buildings, smart health, smart transport, and so on. These diverse application domains can be unified into a single entity referred to as smart life. The rapid evolution of the IoT has pushed a race between cyber-criminals and security experts. Billions of connected things communicate with each other and can exchange sensitive information that may be leaked. Hence, strengthening the IoT’s security and preserving users’ privacy is a major challenge. This paper aims to provide a comprehensive study of IoT security. Several IoT security attacks are analyzed, and a taxonomy of the security requirements based on the attacks’ purposes is proposed. Moreover, recent security solutions are described and classified based on their application domains. Finally, open research directions and security challenges are discussed.

Corresponding author

Correspondence to Saad Harous.

Cite this article

Harbi, Y., Aliouat, Z., Harous, S. et al. A Review of Security in Internet of Things. Wireless Pers Commun 108, 325–344 (2019). https://doi.org/10.1007/s11277-019-06405-y
