research-article

IoT Cloud Security Review: A Case Study Approach Using Emerging Consumer-oriented Applications

Published: 03 May 2021

Abstract

Recent years have seen the rapid development and integration of the Internet of Things (IoT) and cloud computing. The market offers a variety of consumer-oriented smart IoT devices, and the mainstream cloud service providers are building their software stacks to support IoT services. As this trend continues to grow, the security of such smart IoT cloud systems has drawn much research attention in recent years. To help practicing engineers and new researchers better understand the emerging consumer-oriented smart IoT cloud systems, this article reviews the most recent research efforts of the past five years on existing, real, already deployed consumer-oriented IoT cloud applications, using typical case studies. Specifically, we first present a general model for the IoT cloud ecosystem. Then, using the model, we review and summarize recent, representative research works on emerging smart IoT cloud system security using 10 detailed case studies, with the aim that the case studies together provide insights into the insecurity of current emerging IoT cloud systems. We further present a systematic approach to conducting a security analysis of IoT cloud systems. Based on the proposed security analysis approach, we review and suggest potential security risk mitigation methods to protect IoT cloud systems. We also discuss future research challenges for the IoT cloud security area.


Published In

ACM Computing Surveys, Volume 54, Issue 4
May 2022
782 pages
ISSN: 0360-0300
EISSN: 1557-7341
DOI: 10.1145/3464463
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 May 2021
Accepted: 01 January 2021
Revised: 01 January 2021
Received: 01 October 2019
Published in CSUR Volume 54, Issue 4

Author Tags

  1. IoT
  2. case study
  3. cloud
  4. consumer-oriented smart applications
  5. security

Qualifiers

  • Research-article
  • Research
  • Refereed
