Security in Internet of Things: issues, challenges, taxonomy, and architecture

Telecommunication Systems

Abstract

Internet technology is pervasive today. The number of devices connected to the Internet, those with a digital identity, is increasing day by day. With developments in technology, the Internet of Things (IoT) has become an important part of human life. However, it is not well defined or secure. Various security issues are now considered a major problem for a full-fledged IoT environment. There exist many security challenges with the proposed architectures and the technologies that make up the backbone of the Internet of Things. Some efficient and promising security mechanisms have been developed to secure the IoT environment; however, much remains to be done. The challenges are ever increasing, and the solutions have to be ever improving. Therefore, the aim of this paper is to discuss the history, background, and statistics of IoT and a security-based analysis of IoT architecture. In addition, we provide a taxonomy of security challenges in the IoT environment and a taxonomy of various defense mechanisms. We conclude the paper by discussing various research challenges that still exist in the literature, which provides a better understanding of the problem, the current solution space, and future research directions to defend IoT against different attacks.

Acknowledgements

This research work is being supported by sponsored Project Grant (SB/FTP/ETA-131/2014) from SERB, DST, Government of India.

Author information

Corresponding author

Correspondence to B. B. Gupta.

Ethics declarations

Conflicts of interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.

About this article

Cite this article

Adat, V., Gupta, B.B. Security in Internet of Things: issues, challenges, taxonomy, and architecture. Telecommun Syst 67, 423–441 (2018). https://doi.org/10.1007/s11235-017-0345-9

  • DOI: https://doi.org/10.1007/s11235-017-0345-9
