Date post: 25-Sep-2020
Internet of Things Systematic literature review of security and future research

Muhammad Aqeel

Subject: Information Systems Corresponds to: 30 hp Presented: VT 2020 Supervisor: Franck Tetard Examiner: Mudassir Imran Mustafa Department of Informatics and Media


Abstract

The Internet of Things (IoT) is the network of billions of devices, people and services that interconnect and exchange information and useful data. IoT applications promise to increase the level of comfort, efficiency and automation for the user. A high level of security and privacy, authentication and recovery from attacks is required to implement an IoT-automated world. In this thesis I present an overview of the IoT layer architecture and of security attacks from the layers' perspective. In addition, this thesis provides an overview of how to address the security and privacy threats. Furthermore, it discusses the current state of research on IoT security requirements and future research directions with respect to IoT security and privacy, and presents a detailed review of the security challenges and sources of threat in IoT applications. Finally, this thesis presents the security issues and various emerging and existing technologies focused on achieving a high degree of trust in IoT applications.

Keywords: Internet of Things, characteristics of IoT, IoT security, IoT future development.


ACKNOWLEDGEMENT

I would like to acknowledge everyone who played a role in my academic accomplishment. First of all, my family, who supported me with love and understanding. Without you, I could never have reached my current level of success. Secondly, my teachers and particularly my thesis supervisor Franck Tetard, who guided me throughout the research process. Thank you all for your support.


Table of Contents

1. Internet of Things (IoT) background
  1.1 Introduction
    1.1.1. IoT devices
    1.1.2. IoT technologies
  1.2. Information Security
    1.2.1. Security threats of IoT
    1.2.2. IoT security implementation
  1.3. Problem definition
  1.4. Research questions
  1.5. Research methodology
  1.6. Delimitation
  1.7. Thesis structure
2. Background of IoT
  2.1 IoT definition
    2.1.1. Characteristics of IoT
  2.2. IoT Architecture
    2.2.1. Three layers architecture
    2.2.2. Five layers architecture
3. Methodology
  3.1. Research methodology
  3.2. Systematic literature review using qualitative approach
    3.2.1. Systematic Literature review
  3.3. Research process
    3.3.1. Purpose of the literature review
    3.3.2. Searching the literature
    3.3.3. Data extraction strategy
    3.3.4. Quality appraisal
    3.3.5. Synthesis of the literature
    3.3.6. Conducting the review
4. Results
  4.1. IoT security
    4.1.1. IoT security vs traditional IT security
    4.1.2. IoT vulnerabilities
  4.2. IoT Security Issues
    4.2.1. Perception layer/sensing layer threats
    4.2.2. Network layer/transportation layer
    4.2.3. Middleware layer
    4.2.4. Application layer
  4.3. Solution of IoT layers threats
    4.3.1. Perception layer
    4.3.2. Network layer
    4.3.3. Middleware layer
    4.3.4. Application layer
  4.4. IoT future
    4.4.1. IoT future research
    4.4.2. Hardware devices
    4.4.3. Sensor
    4.4.4. Communication technology
    4.4.5. Network technology
    4.4.6. Software and algorithms
    4.4.7. Data and signal processing technology
    4.4.8. Discovery and search engine technology
    4.4.9. Security & Privacy technology
5. Conclusion
  5.1. Limitations
  5.2. IoT future work
References
Appendices


List of Figures

Figure 1-1 Internet of Things

Figure 1-2 Number of connected devices from 2012 to 2020

Figure 1-3 IoT communication components

Figure 1-4 Internet of everything

Figure 1-5 The properties of IoT devices

Figure 2-1 Characteristics of IoT

Figure 2-2 Three layers architecture of IoT

Figure 2-3 Five layers architecture of IoT

Figure 3-1 Systematic literature review

Figure 3-2 Flowchart of inclusion and exclusion criteria

Figure 3-3 Data extraction strategy

Figure 3-4 Synthesize the literature

Figure 3-5 Systematic review flowchart

Figure 4-1 IoT future technology development


List of Tables

Table 1-1 IoT technologies

Table 1-2 Objectives of information security

Table 1-3 Objectives of information security

Table 3-1 Inclusion and exclusion criteria

Table 3-2 Number of selected papers

Table 3-3 Quality appraisal criteria

Table 4-1 IoT security vs Traditional IT security

Table 4-2 Common security vulnerabilities

Table 4-3 Perception layer threats

Table 4-4 Network layer threats

Table 4-5 Middleware layer threats

Table 4-6 Application layer threats

Table 4-7 IoT future development and research


List of acronyms and abbreviations

IoT      Internet of Things
RFID     Radio Frequency Identification
IP       Internet Protocol
ITU-T    International Telecommunication Union - Telecommunication Standardization Bureau
WSNs     Wireless Sensor Networks
DoS      Denial of service
GSM      Global System of Mobile Communication
UMTS     Universal Mobile Telecommunication
Wi-Fi    Wireless Fidelity
ZB       ZettaBytes
QoS      Quality of service
ML       Machine Learning
IDS      Intrusion Detection Systems
IPS      Intrusion Protection Systems
NFC      Near Field Communication
LAN      Local Area Network
IoE      Internet of Everything
AI       Artificial Intelligence
IT       Information Technology


1. Internet of Things (IoT) background

This chapter contains a comprehensive introduction to the IoT, IoT layers and IoT architecture. After the introduction of IoT, the rest of the chapters contain a detailed discussion of the IoT architecture and security.

1.1 Introduction

The concept of IoT was first introduced by a member of the Radio Frequency Identification (RFID) development community in 1999. IoT has become more relevant to the world because of the rapid growth of mobile devices, communication, cloud computing and data analytics (Patel and Patel, 2016). Nowadays, more than seven billion users use the Internet to perform different types of tasks such as sending and receiving emails, sharing information on social media, reading books, playing games, browsing and online shopping. This wide-scale usage of the Internet makes it possible to introduce new trends; this global communication infrastructure enables machines to communicate with each other and take decisions (Cerullo et al., 2018). The IoT is a world where billions of objects can communicate and share information; all of these objects are connected over the Internet Protocol (IP). These connected objects regularly generate huge amounts of data, which is collected, analysed and used to perform actions and provide intelligence for decision making (Patel and Patel, 2016).

Figure 1-1: Internet of Things (Patel and Patel, 2016)


Figure 1-1 shows the implementation of IoT in almost all domains of the world, such as transportation, agriculture, healthcare, and energy production and distribution. IoT is transforming the way we live today by making the intelligent devices around us perform daily tasks; smart homes, smart cities and smart transportation are a few examples linked with IoT (Yousuf, Mahmoud, Aloul and Zualkernan, 2015).

The number of devices connected to the IoT environment is increasing every day. Burhan, Rehman, Khan and Kim (2018) explain that the reason for this rapid increase is that connected devices provide comfort and produce good results compared to humans. Figure 1-2 shows the number of connected IoT devices from 2012 to 2020; the number is increasing at enormous speed.

Figure 1-2: Number of connected devices from 2012 to 2020 (Burhan, Rehman, Khan and Kim, 2018)

IoT applications reduce human effort because they perform tasks automatically. Alongside their benefits, these devices also face challenges; one of the biggest is security and privacy. Communication is the most important part of the IoT because all the connected devices must be able to communicate with each other.

Figure 1-3: IoT communication components (figure labels: Device, Mobile, Middleware/Cloud)

The main components of IoT for communication are shown in figure 1-3: (a) Hardware: consists of physical components such as sensors and actuators; (b) Middleware: used for data storage, and contains computation tools used for data analysis; and (c) Presentation: visualization and interpretation tools which can be widely accessed on different platforms (Gubbi, Buyya, Marusic and Palaniswami, 2013).

Alaba, Othman, Hashem and Alotaibi (2017) explain that the IoT has established a universal connection of people, objects, sensors, and services. The main objective of the IoT is to provide a network infrastructure that allows communication protocols, software and the incorporation of physical/virtual sensors, personal computers, smart devices, automobiles, and different real-life objects to connect with each other at any time on any network.

The increasing capabilities of technologies like RFID and Wireless Sensor Networks (WSNs), and their increased storage capacity, will increase the number of interconnected devices. The different objects of our daily life such as people, vehicles, computers, books, TVs, mobile phones, clothes, food, medicine, passports, luggage, etc. will have at least one unique identification allowing them to communicate with one another (Abomhara and Koien, 2014).

Figure 1-4: Internet of Everything (adapted from Cisco, 2012) (figure labels: People, Process, Data, Things; Home, Business, Mobile; People to People, Machine to Machine, People to Machine)

Internet of Everything (IoE) is the combination of people, process, data and things to make network connections more valuable than ever before; it helps turn information into actions that create new capabilities and increase economic opportunity for businesses, individuals and countries (Cisco, 2012). Figure 1-4 shows the main components of IoE: i) people will be connected in more relevant and valuable ways; ii) data will be more intelligent to make better decisions; iii) process delivers the right information to the right person at the right time; and iv) things are physical devices and objects connected to the Internet. IoE helps improve industry outcomes by increasing the power of the Internet, and it also helps increase IoT progress (Evans, 2012).

1.1.1. IoT devices

The IoT, as discussed by Radoglou Grammatikis, Sarigiannidis and Moscholios (2019), consists of many networks in which devices can interact with each other via the Internet. These devices are usually called “things” and are shown in figure 1-5; each of these “things” has its own properties.

Figure 1-5: The properties of IoT devices (Radoglou Grammatikis, Sarigiannidis and Moscholios, 2019)

Identification: This is the first property of connected devices. Each IoT device is required to be uniquely identified within the network. Two methods, IPv4 and IPv6, are used to assign unique addresses to the objects in the network. IPv4 was used for addressing at first, but due to the increase in the number of objects IPv6 is being used because it is a 128-bit addressing scheme (Burhan, Rehman, Khan and Kim, 2018).

Sensing: This method is used to obtain information from the physical environment (Radoglou Grammatikis, Sarigiannidis and Moscholios, 2019). Different sensing devices are used to collect the data from the devices, such as smart sensors, actuators and RFID tags (Burhan, Rehman, Khan and Kim, 2018).

Communication: In this process connected devices send and receive data, messages, files etc. Different technologies are used to perform communication among objects, such as Bluetooth, wireless networks, RFID etc.


Computation: This method is used to process the information obtained from the devices (Radoglou Grammatikis, Sarigiannidis and Moscholios, 2019). It is used to remove unnecessary information. Different hardware and software platforms are available to perform computing (Burhan, Rehman, Khan and Kim, 2018).

Services: This refers to the functions provided by the devices to the users according to the information which they receive (Radoglou Grammatikis, Sarigiannidis and Moscholios, 2019).

Semantics: This is the last property of the connected devices. It refers to the ability of IoT devices to obtain correct information from the physical environment and provide information as services at the right time (Radoglou Grammatikis, Sarigiannidis and Moscholios, 2019).

1.1.2. IoT technologies

IoT is used to connect different products with the digital world; this interconnection among devices is growing with the advancement of technologies like sensors, smartphones, cloud computing, communication capabilities etc. (Abomhara and Koien, 2014). The IoT is a network of different physical objects like vehicles, machines, home appliances, and more that use different technologies to exchange data over the Internet. Table 1-1 lists the technologies which support the concept of IoT.

Table 1-1: IoT technologies

IoT technologies | Supporting technologies
Identification technologies | RFID, WSN
Networks and Communication technologies | GSM, UMTS, Wi-Fi, Bluetooth, ZigBee
Software and Hardware technologies | Smart devices with enhanced inter-device communication

Identification technologies: The connected devices in an IoT environment need to be uniquely defined. Identification technologies such as RFID and WSN are used for unique identification of connected devices.


Network and communication technologies: Technologies like Global System of Mobile Communication (GSM), Universal Mobile Telecommunication (UMTS), Wireless Fidelity (Wi-Fi), Bluetooth and ZigBee allow the devices to connect with each other. The communication among the connected devices needs to be secure so that the user can use the network with full confidence and security assurance.

Software and hardware technologies: Smart devices with a high level of communication among devices will lead to smart systems providing high degrees of intelligence and autonomy, facilitating rapid IoT application deployment (Abomhara and Koien, 2014).

1.2. Information Security

Information security is an important aspect of life for organizations and individuals using information systems. These systems store and share important information which requires protection against a range of threats, which in turn requires a variety of security controls. These systems and information need to be protected from unauthorized access, disclosure, disruption and modification. Vashi et al. (2017) note that the use of IoT is increasing rapidly, which exposes it to more vulnerabilities and security problems. Burg, Chattopadhyay and Lam (2018) explain that the communication and security of IoT are provided by a huge wireless and wired infrastructure that provides connectivity among the devices.

The Internet is the underlying foundation of IoT, and both technologies face the same type of security issues. IoT comprises three main layers: the perception layer, the transportation layer and the application layer. Each of these layers has its own security problems.

Information security comprises three objectives, i.e. confidentiality, integrity and availability (Awad et al., 2018). The explanation of these information security objectives is given in table 1-2.


Table 1-2 Objectives of information security

Objectives | Description
Confidentiality | Confidentiality means that information should not be available or disclosed to unauthorized persons.
Integrity | Integrity means assurance of accuracy and reliability, so that no one can make changes without authorization.
Availability | Availability means that data or information should be available when needed.

The main objectives of information security are listed in table 1-2. According to Awad et al. (2018), the objectives explained in the above table are the ones most commonly found in the information security literature, but there are a few more properties which are equally important for information security. Those properties are explained in table 1-3.

Table 1-3 Objectives of information security

Objectives/properties | Description
Authenticity | Authenticity means that data/information is genuine and able to be verified and trusted (Awad et al., 2018).
Accountability | Accountability means non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and legal action (Awad et al., 2018).
Non-repudiation | Both the sender and the receiver provide proof of sending and receiving the data (Awad et al., 2018).
Reliability | Reliability means that the results are consistent and as intended.


1.2.1. Security threats of IoT

IoT is a layered architecture consisting of three layers or five layers. The three layers are the perception layer, network layer and application layer; the five layers are the perception layer, network layer, application layer, middleware layer and business layer. Each layer is susceptible to security threats and attacks. These can be active or passive, and can originate from external sources or from the internal network (Yousuf, Mahmoud, Aloul and Zualkernan, 2015). Firstly, attacks on the perception layer could be leakage of confidential information, Denial of Service (DoS) attacks etc. Secondly, attacks on the network layer could be sybil attacks, sinkhole attacks, man-in-the-middle attacks etc. Finally, attacks on the application layer could be malicious code injection, sniffing attacks etc.

1.2.2. IoT security implementation

As discussed in the previous section, each of the layers faces different types of security attacks. Different security measures are implemented to protect the data, e.g. encryption, authentication, confidentiality and access control.

1.3. Problem definition

The IoT is not a single technology; rather, it is a combination of different hardware and software technologies. The solutions provided by the IoT are based on information technology, which refers to the hardware and software used to store, retrieve and process data (Patel and Patel, 2016). Furthermore, communication technologies are also an important part of IoT. The IoT uses all the available technologies for communication, like Bluetooth, RFID, NFC, Wi-Fi etc. These communication technologies need to be efficient, reliable and secure to fulfil the requirements of the IoT.

The companies and employees in the industry are still unaware of this concept. Because of this lack of knowledge and awareness, most companies are hesitant to deploy IoT. They are unaware of the potential security and privacy issues connected to their deployment of IoT. The companies need to know more about this concept because of the above-mentioned problems. They want to know more about the potential threats and solutions regarding the security of IoT. Furthermore, they want to know more about the competency required for information security and how cost effective these security issues are in conjunction with their deployment of IoT. This knowledge and competence should help them to move from a non-IoT business to an IoT business.

1.4. Research questions

As discussed in the previous sections, the IoT is a relatively new technology and most companies are hesitant to deploy it. Hopefully, this thesis provides the information which companies require to deploy IoT technology. With this in view, this thesis work will focus on the following questions.

Q 1. What are the IoT security issues in the layered architecture?

Q 2. How is IoT security being implemented in the layered architecture?

Q 3. How can the technology be improved for future IoT growth?

1.5. Research methodology

The research methodology of this thesis project is a literature review using a qualitative approach. Webster & Watson (2002) explain that a literature review creates a firm foundation for advancing knowledge; a successful literature review facilitates theory development, closes areas where a plethora of research exists, and uncovers areas where research is needed. The purpose of a literature review is to build a knowledge base of research. A systematic literature review is used to find relevant research to answer the research questions.

1.6. Delimitation

IoT is a mixture of different hardware and software technologies. IoT technology solutions are based on information technology (IT), which refers to the hardware and software used to store, retrieve and process data, and on communications technology, which includes electronic systems used for communication between individuals or groups (Patel and Patel, 2016). IoT is a layered architecture, as discussed before; each of the layers has its own security risks while performing its actions. This thesis work will focus on the privacy and security threats of IoT and the countermeasures used to overcome those threats. Different protocols are used for communication among the connected devices. Unfortunately, these protocols are not part of this study because of time limitations.


1.7. Thesis structure

Chapter 1 presents a brief introduction to IoT and to information security in conjunction with IoT. Chapter 2 presents the background of the IoT and its layered architecture. Chapter 3 presents the methodology used for the systematic literature review. Chapter 4 presents the IoT security issues and answers the research questions. At the end, the conclusion based on this research paper is discussed.


2. Background of IoT

This chapter contains a comprehensive discussion of IoT, its characteristics and the IoT layered architecture.

2.1 IoT definition

IoT has many definitions and different authors define this term differently. This variation depends on the context in which the term is used and the aim of using the things. Patel and Patel (2016) state that IoT is not only a network of computers; rather, it has developed into a network of all types of devices such as digital cameras, vehicles, smartphones, home appliances, medical instruments and industrial systems, people and buildings; all of these connected devices can communicate and share in order to achieve smart reorganizations, positioning, online upgrade, process control and administration. Dorsemaine et al. (2015) define IoT as “an infrastructure of connected objects which allows their management, data mining and the access to the data they generate.”

The more comprehensive and recommended definition of IoT is proposed by International

Telecommunication Union - Telecommunication Standardization Bureau (ITU-T). ITU-T

(2012) defines IoT as “a global infrastructure for the information society, enabling advanced

services by interconnecting (physical and virtual) things based on existing and evolving

interoperable information and communication technologies”. The interconnection of the physical world with the virtual world opens up new possibilities, enabling access to anything from any place. This interconnection can also increase the possibility of new threats, security risks and vulnerabilities.

As the definitions above show, the IoT can be defined in different ways, and all of these definitions are related to each other. Based on them, the IoT can be defined as follows: “IoT is an infrastructure of geographically connected devices like smartphones, industrial systems, vehicles etc. which connect using communication technologies to generate and access data in order to provide accurate positioning, safety and administration.”

2.1.1. Characteristics of IoT

The Internet of Things is a mixture of different hardware and software technologies. IoT solutions are based on the integration of information technology, i.e. the hardware and software used to store, retrieve and process data (Patel and Patel, 2016). The Internet is the main means of communication for connectivity among different devices, which use wireless technologies such as RFID and WSNs. These technologies use sensors to sense and monitor the environment, and the devices have low resources in terms of computation, memory, storage and energy capacity (Viriyasitavat, Anuphaptrirong and Hoonsopon, 2019).

Figure 2-1: Characteristics of IoT

The fundamental characteristics of the IoT are shown in figure 2-1. The characteristics of IoT

are Interconnectivity, things-related services, heterogeneity, dynamic changes, enormous scale,

safety and connectivity (Patel and Patel, 2016).

Interconnectivity: The IoT is the connection of different devices, which can be interlinked with each other using any network. The connected devices can be located at geographically distributed locations. They can produce and share a huge amount of data, which is stored and processed at a centralized location such as the cloud.

Things-related services: These services are provided within the boundaries of things such as

privacy and consistency between physical things and their associated virtual things (Patel and

Patel, 2016).

Heterogeneity: An IoT system consists of different types of connected devices; each of these devices has its own hardware and software and follows a different protocol. These devices can interact with each other through different networks (Viriyasitavat, Anuphaptrirong and Hoonsopon, 2019).

Dynamic changes: The IoT environment is very dynamic and continuously adapts to changes. The devices connected through an IoT system can be distributed across geographical locations. The state of devices changes dynamically, e.g. connecting to and disconnecting from the network. Moreover, the number of connected and disconnected devices can change dynamically (Patel and Patel, 2016).

Enormous scale: A huge amount of data is produced by the interconnected devices. The data produced by these devices needs to be managed in a systematic way.

Safety: This is an important aspect of IoT. Personal data and our physical well-being need to be protected. Similarly, the networks and the data moving across them need to be secured by all means.

Connectivity: It enables a network accessibility and compatibility. Accessibility is getting on

a network while compatibility provides the ability to consume and produce data (Patel and

Patel, 2016).

2.2. IoT Architecture

An IoT system consists of multiple devices like sensors, actuators, processors, and transceivers. IoT consists of multiple technologies that work together. Sensors and actuators are devices that interact with the physical environment. The data collected by the sensors has to be stored and processed intelligently in order to derive useful inferences from it (Sethi and Sarangi, 2017). The communication between IoT devices is wireless because these devices are located at geographically distributed locations. Communication over a wireless connection always carries a high risk of unreliability and distortion.

2.2.1. Three layers architecture

The IoT architecture consists of three or five layers (Sethi and Sarangi, 2017). The three-layer architecture is considered the most basic architecture.

Figure 2-2: Three layers architecture of IoT

Figure 2-2 shows the three-layer architecture of IoT. The layers are described as follows:

(i) The perception layer is the physical layer: this layer has sensors for sensing and gathering information about the environment. This layer identifies all the devices which are connected in the physical environment.

(ii) The network layer: this layer is responsible for connecting to other smart things, network devices, and servers. This layer is also used for transmitting and processing data among connected devices.

(iii) The application layer: this layer is responsible for delivering application-specific services to the user. This layer defines various applications in which the IoT can be deployed, e.g. smart homes, smart cities, and smart health.

[Figure 2-2 labels: Application layer; Network layer; Perception layer / sensing layer]

2.2.2. Five layers architecture

The five-layer architecture is the most detailed description of the IoT architecture. Figure 6 shows the five layers of IoT.

Figure 2-3: Five layers architecture of IoT

The five-layer architecture provides a detailed description of the IoT layers, whereas the three-layer architecture defines the main idea. Figure 2-3 shows the five-layer architecture, in which the business layer, processing layer and transport layer are added for a more detailed description of the IoT architecture. These layers are explained below:

(i) The transport layer: this layer transports data from the perception layer to the processing layer and vice versa through networks such as wireless, 3G, local area network (LAN), Bluetooth, RFID, and near field communication (NFC).

(ii) The processing layer: this layer is also known as the middleware layer. It stores, analyses, and processes data that comes from the transport layer. This layer is also responsible for providing different services to the lower layers. Different technologies such as databases, cloud computing, and big data processing modules are also deployed in this layer.

(iii) The business layer: this layer manages the entire IoT system, including all the applications, business and profit models, and users’ privacy.

[Figure 2-3 labels: Business layer; Application layer; Middleware layer; Network layer; Perception layer]

3. Methodology

This chapter contains a comprehensive discussion of the methodology used for this thesis. This thesis follows the process of systematic literature review explained by Okoli and Schabram (2010) in their paper titled “A Guide to Conducting a Systematic Literature Review of Information Systems Research”.

3.1. Research methodology

Knowledge of the topic under discussion is essential to answer the research questions (as proposed in chapter 1). This means that prior knowledge of the project is important because it helps to supplement the understanding of the topic. In order to answer the research questions about IoT and its security, I would review the research which had already been done, to get detailed knowledge of the topic and to avoid performing similar research again. This is a good approach as it will help to understand the different research works and gain knowledge. This knowledge will help me to review the literature systematically. It will also help me to answer all the research questions.

3.2. Systematic literature review using qualitative approach

A systematic literature review is used to find and review relevant literature in a field of study through a highly rigorous and systematic process. The process of a systematic literature review covers the content found in the literature alongside the methods used to find the literature: what search strategies were used, and how and from where the literature was searched. A systematic literature review also focuses on the criteria used to evaluate the literature found for the review. Like any literature review, a systematic literature review gives a broad understanding of the topic area and shows what work has already been done in the chosen area and what research methods are being used. The literature review also helps to find research gaps and to direct your research.

There are three reasons for a systematic literature review: clarity, validity and auditability. Clarity focuses on research questions and explicit search strategies, which help to clarify considerations of scope and terminology. Validity focuses on a valid research output: there should be clear reasoning behind the inclusion of particular papers and theories. Auditability is used to keep accurate results of systematic strategies: accurate record keeping of search strategies will allow others to verify results.

3.2.1. Systematic Literature review

A systematic literature review provides a theoretical background for the research, teaches the basics of research on a topic of interest, or answers practical questions by understanding what existing research has to say on the matter. A systematic literature review must be systematic by following a methodological approach; it also explains the procedures by which it was conducted; it is comprehensive and includes all the relevant material; and it is reproducible by others who would follow the same approach in reviewing the topic (Okoli and Schabram, 2010). A systematic literature review is a method to identify, evaluate and synthesize the existing literature and recorded work produced by researchers, scholars and practitioners (Fink, 2005).

3.3. Research process

A literature review is a discussion of the information relevant to the specified field of research. A good-quality systematic literature review consists of various steps, each of which is required for a systematic literature review. All the steps are important for any kind of literature review; however, for a review to be scientifically rigorous, all of the steps are essential (Okoli and Schabram, 2010). Figure 3-1 describes the steps involved in the systematic literature review.

According to Rowley and Slack (2004), the literature review is a process of i) evaluating information sources ii) searching and locating information resources iii) developing conceptual frameworks and mind mapping iv) writing the literature review. A literature review is the study of the existing literature in a subject field; the objective of the literature review is to summarize the state of the art in that subject field. The literature review makes it possible to identify areas in which further research would be beneficial.

Figure 3-1 Systematic literature review

This research follows a systematic literature review process described by (Okoli and Schabram,

2010). Figure 3-1 presents all the stages and activities involved in this systematic literature

review research.

3.3.1. Purpose of the literature review

This is the first step of the review: the researcher should clearly define the purpose and intended goal of the review (Okoli and Schabram, 2010). Based on the guidelines provided by Okoli and Schabram (2010), this systematic literature review is divided into three phases: planning, conducting, and reporting the review. Based on the guidelines, this section details the research questions, the performed research steps, and the protocol of the literature review. This systematic literature review is based on the research questions i) What are IoT security issues in the layered architecture? ii) How the IoT security is being implemented in the layered architecture and iii) How the technology can be improved for the IoT future growth? This thesis is organized systematically on the basis of the guidelines provided by Okoli and Schabram (2010) to answer the research questions.

[Figure 3-1 labels: Systematic literature review; Planning; Selection; Extraction; Execution; Purpose of the literature review; Searching the literature; Data extraction; Quality appraisal; Synthesis of the literature; Conducting review; Qualitative]

Literature review guides always begin with an explanation and justification for conducting literature reviews; most importantly, the researcher must be sure and clear about conducting the systematic literature review. The first step of conducting a literature review is to clearly define the purpose of the review (Okoli and Schabram, 2010). This is not a part of the active procedure; rather, it is a consideration of the technique to be embarked upon.

3.3.2. Searching the literature

The next phase of the systematic literature review is planning; this phase starts once the purpose of the literature review and the research questions have been formulated. This phase defines a protocol for the inclusion and exclusion of research within the scope of this thesis to answer the questions (Okoli and Schabram, 2010). Currently, open access databases such as Google Scholar and the Directory of Open Access Journals, and specific subject databases such as Scopus, IEEE Xplore and the Uppsala university library, offer electronic access to most published literature.

Many articles were reviewed and selected on the basis of the defined keywords, i.e. IoT, IoT security, IoT future aspects etc. These articles were searched in online databases such as Google Scholar, IEEE, and the Uppsala university online database. Firstly, an initial screening was performed on the set of articles selected for the literature review. The initial screening was conducted based on the abstract. Finally, those articles were selected which provide relevant information to answer the research questions.

For example, “Internet of Things-IOT: Definition, Characteristics, Architecture, Enabling Technologies, Application & Future Challenges”, written by Patel and Patel (2016), is available at ResearchGate. This paper was selected for the review because it provides the required information for my thesis work. The keywords of this article are IoT definition, characteristics of IoT, future challenges, architecture and IoT functional view.

Another example is “IoT Elements, Layered Architectures and Security Issues: A Comprehensive Survey”, Sensors, 18(9), p.2796, written by Burhan, Rehman, Khan and Kim (2018) and available at ResearchGate. This paper was selected on the basis of its keywords (Internet of Things (IoT); layered architectures; security; privacy; security attacks; protection methods; secure architecture).

Firstly, all the articles used for this literature review were selected on the basis of their keywords (IoT, IoT layer architecture, IoT security, IoT future aspects, years of selections). Secondly, articles were selected according to the information required to answer the research questions. Finally, a selected article was downloaded if its full version was available; otherwise it was excluded. Furthermore, I defined inclusion and exclusion criteria for the articles to be used for this literature review. The criteria are defined in the table below.

Table 3-1 Inclusion and exclusion criteria

Type | Inclusion criteria
Topic | Selected literature must be relevant to the topic and abstract to answer the research questions.
Publication time | Selected articles for the review must be published between 2010 to 2020.
Reliability | The selected articles must be from reliable sources (conferences, workshops etc.).
Language | Language of the selected articles must be English
Journals/Articles | The article used in the literature review searched from different online sources i.e. google scholar, IEEE, Uppsala university library online database.
Books | Books were used for reference to understand the topic in detail.

Table 3-1 explains the inclusion criteria for the research articles of the literature review. All the steps were considered equally important when selecting an article for the literature review. Any article that did not meet the criteria defined in the table 3-2 was excluded from the review. i) Topic: the literature was searched from online sources (articles/journals) and had to be relevant to the topic and able to answer the research questions. ii) Publication time: the searched articles were published between 2010 and 2020, which was required to find enough data and select the latest literature available. iii) Reliability: the searched literature was selected from reliable sources like Google Scholar, IEEE and www.ub.uu.se etc. iv) Language: only literature in English was selected; it was impossible for me to understand literature available in any other language. v) Journals/Articles: only articles and journals were searched because they provide the most recent information. vi) Books: books were used to understand the topic in detail.

Figure 3-2 Flow chart of inclusion and exclusion criteria

[Figure 3-2 flow chart labels: Search on the base of keyword; Identify relevant sources; Search the article; decision points Relevant to abstract?, Publication Time, Reliable source, Lang. is Eng., Full article, each with Yes and No branches; Select the article; Download the article; Excluded]

Figure 3-2 explains the inclusion criteria in the form of a flow chart. Any downloaded article that did not meet the inclusion criteria explained in table 3-1 was excluded from the review.

3.3.3. Data extraction strategy

The next step after defining the inclusion and exclusion criteria of the articles is to define the data extraction strategy for the included articles. Most of the available guides for literature review do not discuss data extraction at all but take it for granted that after a certain screening process, extraction will happen before synthesis can be completed (Okoli and Schabram, 2010). This strategy was defined carefully because the final results of this literature review are based on the extracted data. The data was systematically taken from each article to answer the research questions.

Finally, having gone through all the previous stages and reading the articles in detail several times, I was able to extract the data required for the review. The extraction process consists of i) aims and findings ii) methods iii) outcome iv) results and v) publication year; each step focused on a particular kind of data, to provide effective answers to the review of the literature (Nazrul Islam, 2013).

Figure 3-3 Data extraction strategy

[Figure 3-3 labels: Data Extraction; Aims and finding; Methods; Outcome; Results; Publication year; Relevant to topic; Type of finding; Quality appraisal; Type of the paper; Research claim]

The data extraction strategy is based on the steps shown in figure 3-3. Each of these steps focuses on a specific type of data. The literature for this thesis work was selected by following different stages and keywords (IoT, IoT layer architecture, IoT security, IoT future aspects, years of selections).

Table 3-2 Number of selected papers

Source | Paper searched | Papers after stage 1 | Papers after stage 2 | Papers after stage 3
Google Scholar | 17100 | 630 | 60 | 45
IEEExplore.ieee.org | 35 | 25 | 20 | 13
https://www.ub.uu.se/ | 954 | 45 | 25 | 12
Sum | 18089 | 690 | 105 | 70

Table 3-2 shows the number of papers downloaded for this research work. The total number of selected papers for this research is also given in the table. The final selection of the papers was based on the inclusion and exclusion criteria, keeping in view the quality appraisal of selected papers discussed in the next section.

(i) Aims and findings: this step retrieved data related to the abstract of the research topic, stating the research aims and findings and the outcome of the research. (ii) Method: this step retrieved data related to the research methods employed in the research. The initial focus of this step is to find the type of the article. The article should be research based, so that this review can investigate the methods that were employed to make the research claim. (iii) Outcome validation: this step retrieved data related to the validation of the research outcome. It focused on whether the paper validated its research outcome or not. If the paper’s outcome is validated, then the methods used to reach this outcome also need to be validated. (iv) Results obtained: this step investigated whether the results obtained in the reviewed papers are in line with the research topic and the goals specified in the abstract. (v) Publication year: this step extracted data related to the year of publication of the selected papers. Publication year is important because IoT is a relatively new field and updates arrive overnight. That is why the most recent papers were selected for this review.

3.3.4. Quality appraisal

The quality of the selected articles is important to consider. Not all the selected articles are of the same quality, so the quality of each article must be measured against some standards. The standard of quality is measured based on the assessments defined in table 3-3.

Table 3-3 Quality appraisal criteria

Level | Methodology quality | Methodology relevance | Topic relevance
Excellent | Excellent research | Research questions clearly stated | Study is close to the review questions
Good | Research design clearly stated with evidence of sensible decisions taken to provide valid and reliable | Research questions are explicit or can be deducted from text. | Study is broadly in line with one of the key review questions and provide useful evidence
Satisfactory | It is implicit and used to collect useful data | RQs implicit but appear to be broadly matched by research design and finding | At least some part of the literature is relevant to one of the review questions.
Inadequate | Research design not stated and contains flaws | RQs not stated or not matched by design | Study does not address key questions

3.3.5. Synthesis of the literature

Once all the articles have been selected according to the criteria specified in the previous sections, the next step is to combine them in order to make comprehensive sense out of a large number of studies. Synthesis is the process of aggregating, discussing, organizing and comparing. After the completion of this stage, a polished synthesis of information should be available, and writing the literature review should be a straightforward process (Okoli and Schabram, 2010).

Figure 3-4 Synthesis of literature

Figure 3-4 explains the process to synthesize the selected literature i) Gather literature that

addresses your research questions ii) Review literature and take notes: describe, summarize,

analyze, and identify key concepts iii) Synthesize literature: compare & contrast, critically

evaluate, interpret, so that you can draw conclusion (Research Guides: The Literature Review:

A Research Journey: Synthesize, 2020).

3.3.6. Conducting the review

The final step of the literature review is reporting the findings and writing the review. This is the most complicated step of writing the literature review (Okoli and Schabram, 2010). If all the previous steps are followed, then the whole process of the literature review will proceed systematically (Kitchenham, 2004). The most important point in conducting the review is that all the steps must be documented in sufficient detail that the results are reproducible for future researchers.

Figure 3-5: Systematic review flowchart

After completion of all the previous steps, the final step is to conduct the review. Figure 3-5 describes the process of selecting articles/journals for conducting the review. Multiple articles/journals were selected from different sources such as the Uppsala university library online database, IEEE and Google Scholar. All the relevant documents were selected based on the inclusion criteria as described in the table 3-2. Firstly, all the selected literature was mapped to the research questions, as the final outcome of the literature review is to answer these questions. Secondly, the selected literature passed the quality appraisal as discussed in the section 3.2.4. Finally, the review was conducted to answer the research questions.

[Figure 3-5 flowchart labels: Scoping the review; Inclusion criteria; Searching the literature; Article meets the inclusion criteria? (Yes / No); Relevant to research questions; Mapping to research questions; Quality appraisal; Conducting review; Excluded]

4. Results

This chapter explains the results according to the research questions defined in section 1.5.

4.1. IoT security

The IoT environment is growing rapidly and has a huge impact on social life and the business environment. The devices connected through this environment generate a huge amount of data. According to Sahinaslan (2019), the data exchanged over the network will be greater than 44 zettabytes (ZB) by 2020. Similarly, by 2025 every connected person in the world (about 75% of the total population at that time) will have a digital data engagement over 4,900 times per day, about once every 18 seconds. IoT devices will generate over 90 ZB of data in 2025. This rapid growth brings a lot of risks and threats.

Application domains such as smart homes, smart industries, smart cars etc. are examples of IoT. If a user wants to receive any kind of service from IoT, he needs to connect to various kinds of networks, which can be a serious security and privacy risk. The main causes of these attacks are hardware and software vulnerabilities. Security is mandatory to overcome these hardware and software vulnerabilities. Some existing solutions to these vulnerabilities are very expensive. Hence, lightweight, well-scaled and low-cost protocols are needed.

4.1.1. IoT security vs traditional IT security

Alaba, Othman, Hashem and Alotaibi (2017) explain that there are several differences between IoT and conventional wireless networks in terms of dealing with security and privacy. Frustaci, Pace, Aloi and Fortino (2018) explain that the devices in an IoT system have limited hardware and software resources (i.e., sensor or RFID), whereas traditional IT is mostly based on resource-rich devices. So, IoT devices only use lightweight algorithms to find the right balance between higher security and lower capabilities. Hassija et al. (2019) explain that without a trusted IoT ecosystem, IoT applications may lose all their potential. Along with the security issues faced generally by the Internet, cellular networks, and WSNs, IoT has its own security challenges such as privacy issues, authentication issues, management issues, information storage and so on.

Table 4.1 IoT security vs Traditional IT security

Traditional IT security | IoT security
Add-on Security | Built in Security
Complex algorithms | Lightweight algorithms
User control | Privacy issues because IoT collect information automatically
Small technological heterogeneity | Large technological heterogeneity
Many security guards | Few security guards
IT devices are located in closed environments | IoT devices are located in open environments.

The differences between IoT security and traditional IT security are listed in table 4.1. The traditional security architecture is designed from the user perspective, which is not applicable to communication among devices. The security issues in both networks could be the same, but different techniques and approaches are used to handle them (Alaba, Othman, Hashem and Alotaibi, 2017).

4.1.2. IoT vulnerabilities

IoT is a network of a large number of devices, which are also at high security risk. Bertino and Islam (2017) explain that IoT systems are at higher security risk for several reasons: i) these systems don’t have well defined perimeters ii) these systems are highly heterogeneous with respect to communication medium and protocols iii) smart phone applications require permissions for installation and other user interactions, but in IoT devices these permissions might not be possible due to the large number of devices etc. Li, Tryfonas and Li (2016) explain that data security and privacy issues are very important, but the risks associated with the IoT will reach new levels as communication and autonomous decision making begin to embed complexity, security loopholes, and potential vulnerability. Similarly, Radoglou Grammatikis, Sarigiannidis and Moscholios (2019) explain that the interconnections and the similarity of devices and technologies in the IoT generate possible cyber-physical security vulnerabilities that can be exploited by various cyber attackers. Table 4.2 lists the common vulnerabilities of IoT.

Table 4.2: Common Vulnerabilities of IoT

| Security Concerns | Example |
|---|---|
| Insecure web interface | Inability to change default password and username, exposed credentials, weak passwords, lack of robust password recovery etc. |
| Insufficient authentication/authorization | Privilege escalation (design flaw or configuration error in an application or operating system) |
| Insecure network services | DoS, buffer overflow, fuzzing attacks etc. |
| Lack of data encryption and verification | Transmission of unencrypted data and credentials |
| Privacy concerns | Collection of unnecessary user data; exposed personal data and insufficient controls on who has access to user data |
| Insecure cloud interface | Account enumeration, no account lockout, credentials exposed in network traffic |
| Insecure mobile interface | Insufficient authentication, lack of transport encryption and account enumeration |
| Insecure security configuration | Weak password policies, no security logging and lack of data encryption option |
| Insecure software/firmware | Lack of secure update mechanism, update files not verified before upload |
| Poor physical security | Device easy to disassemble, access to software via USB ports, removable storage media |

To achieve trust among the systems, an important part is to secure them. The approach to securing these systems relies on threat and risk analyses. The solutions to these risks consist of many different kinds of security architectures. Securing IoT environments is a difficult task, since there will be many different scenarios and each scenario consists of different kinds of devices. Each security solution looks different from the others, since these systems may contain entities which are constrained in different ways.


Similarly, one of the characteristics of IoT is its expected “enormous scale”, as there will be many interconnected devices. A security analysis, or a threat and risk analysis, will not only cover software security: if a system is de-perimeterised and devices are outside the perimeter of a secure environment, physical threats become more relevant. A standardised level of security has to be found which provides the required safety without affecting the functionality too much.

4.2. IoT Security Issues

The IoT is a layered architecture; each layer has its own functionality and uses different technologies to perform its actions. The rapid increase in IoT devices is also increasing the security risks. This section discusses possible security threats in the IoT layers. Confidentiality, Integrity, Availability, Authentication, Data Freshness and Self-Organization are the key features for securing IoT technologies (Cerullo et al., 2018).

The IoT is a layered architecture and each layer has its own security attacks. There are many security challenges and requirements which need to be addressed. Recent research in IoT is mainly on authentication and access control protocols, but with the rapid advancement of technology it is important to incorporate new networking protocols like IPv6 and 5G to achieve the future IoT security requirements.

4.2.1. Perception layer/sensing layer threats

Information gathering is the main operation of the perception layer. This layer uses sensors, RFIDs, barcodes etc. to gather information. An attacker can attack its sensor nodes because of their wireless nature (Vashi et al., 2017). All types of sensors, such as RFID, NFC and sensor nodes, are the main technologies of the perception layer. This layer is divided into two sections, namely the perception node (sensors, controllers etc.) and the perception network that interconnects with the network layer (Alaba, Othman, Hashem and Alotaibi, 2017).


Table 4.3 Perception layer types of attacks

| Attack | Countermeasure |
|---|---|
| Node capture attacks | Authentication, encryption |
| Malicious code injection attack | Continuously observe the behavior of the running system |
| False data injection attack | Authentication |
| Tampering | Prevent sensor physical damage |
| Eavesdropping and interface attacks | Encryption techniques, access controls, access restriction etc. |
| Jamming | Use of low transmission power, channel surfing etc. |

Node capture attacks: IoT applications are a combination of several low-power nodes. These nodes are vulnerable to a variety of attacks. The attacker can capture a node and obtain all of its information and data (Hassija et al., 2019), (Yousuf, Mahmoud, Aloul and Zualkernan, 2015).

Malicious code injection attack: In this type of attack the attacker injects malicious code into the memory of the node. By injecting this type of code, the attacker may force the node to perform unintended functions (Vashi et al., 2017), (Li, S et al., 2016), (Hassija et al., 2019).

False data injection attack: Once the attacker captures the node, he can inject erroneous data into the IoT system. This leads to false results, and the attacker can use this method to cause a DoS attack (Hassija et al., 2019).

Tampering: The attacker can gain physical access to the sensors. By using this method, the attacker can obtain sensitive information such as encryption/decryption keys (Cerullo et al., 2018).

Eavesdropping and interference: IoT applications consist of various nodes deployed in open environments, which exposes them to eavesdroppers. The attacker may capture the data during different phases (Vashi et al., 2017) (Cerullo et al., 2018).


Jamming: This attack disturbs the radio channel; the attacker sends useless information so that messages are corrupted or lost (Cerullo et al., 2018). This kind of attack can be divided into four categories: constant jamming, deceptive jamming, random jamming and reactive jamming (Radoglou et al., 2019).

4.2.2. Network layer/transportation layer

This layer is also called the transportation layer; it relies on the information collected by the perception layer (Vashi et al., 2017). This layer provides network transmission and information security and spreads information in the perception layer, that is, data transmission and storage awareness. The network layer includes mobile devices, cloud computing and the Internet (Alaba, Othman, Hashem and Alotaibi, 2017). This layer provides an interaction between application and service. It is important to design an effective security strategy to protect against attacks (Li, S et al., 2016).

Table 4.4 Network layer attacks

| Attack | Countermeasure |
|---|---|
| Phishing site attack | Do not open unknown emails |
| Access attack/Man-in-the-Middle attack | Encryption method between client and server, identification and authentication techniques |
| DoS attack | Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) |
| Sybil attack | Unique shared key between the node and the base station |
| Routing attacks/sinkhole attack | Continuous monitoring of the nodes |
| Hello flood attack | Authentication of neighbor nodes through an identity verification protocol |

Phishing site attack: In this type of attack the attacker tries to capture several IoT devices with minimal effort. The attacker tries to capture the username and password of one person, which makes the whole IoT system vulnerable to cyberattack (Hassija et al., 2019).

Access attack: In this attack an unauthorized person gains access to the IoT network. The attacker can stay in the network undetected for a long period of time. The purpose of this type of attack is to collect valuable information rather than to damage the network (Hassija et al., 2019).

DoS attack: In this attack the network is flooded with useless traffic by an attacker, resulting in resource exhaustion of the targeted system and making the network unavailable to the user (Vashi et al., 2017) (Li, S et al., 2016). Many IoT devices are not strongly configured, and thus become an easy target for this attack (Hassija et al., 2019).

Sybil attack: In the Sybil attack, malicious nodes create multiple identities in order to mislead other nodes. The purpose of the attacker, in this case, is to take control of different areas of the network without using any physical node (Radoglou et al., 2019) (Cerullo et al., 2018).

Routing attacks/sinkhole attack: In this kind of attack a malicious node tries to redirect the routing path and attract other nodes to route traffic through it (Radoglou et al., 2019) (Cerullo et al., 2018) (Hassija et al., 2019).

Hello flood attacks: A node uses a HELLO message to join a network. A Hello flood attack consists of forwarding a large number of these messages in order to flood the network and thus prevent the exchange of other types of message (Cerullo et al., 2018) (Radoglou et al., 2019).

4.2.3. Middleware layer

The role of the middleware layer in IoT is to create an interface between the network layer and the application layer. This layer also provides powerful computing and storage capabilities. The middleware layer includes device discovery and management, big data analytics, security etc. Although the middleware layer provides a reliable and robust IoT interface, it is also open to various attacks (Hassija et al., 2019). Moreover, this layer has the capability to retrieve, process and compute information, and then decide automatically based on the computational results. The middleware layer has two essential functions, i.e. service management and storing the lower-layer information in the database (Vashi et al., 2017).


Table 4.5 Middleware layer attacks

| Attack | Countermeasure |
|---|---|
| Flooding attack in cloud | User authentication |
| De-synchronization | Authenticate each forwarded packet |
| SQL injection attack | Validate user input, encryption, limited rights |
| Man-in-the-Middle attack | Encryption method between client and server, identification and authentication techniques |

Flooding attack in cloud: This attack has a big impact on cloud systems by increasing the load on the cloud services. It works in the same way as DoS in the cloud and affects the quality of service (QoS). The attacker continuously sends multiple requests to a service (Hassija et al., 2019) (Cerullo et al., 2018).

SQL injection attack: In such attacks, the attacker can embed malicious SQL statements in a program. The attacker can obtain the private data of any user and can even alter records in the database (Hassija et al., 2019).

De-synchronization: An attacker forwards fake sequence numbers to de-synchronize the endpoints and cause data retransmission (Cerullo et al., 2018).

Man-in-the-Middle attack: This is a form of eavesdropping attack in which the target of the attack is the communication channel. The unauthorized party can monitor the communication between two parties without being identified (Vashi et al., 2017).

4.2.4. Application layer

The application layer is the uppermost layer and is visible to the end user. Applications such as smart grid, smart city, healthcare systems and intelligent transportation protocols constitute this layer (Alaba, Othman, Hashem and Alotaibi, 2017). This layer has specific security issues which are not present in other layers, such as data theft and privacy issues. Most IoT applications also consist of sub-layers between the network and application layers, usually termed an application support layer or middleware layer (Hassija et al., 2019).

Table 4.6 Application layer attacks

| Attack | Countermeasure |
|---|---|
| Data theft attacks | Data encryption, user and network authentication etc. |
| Data corruption | Anti-virus, firewalls, spy-ware etc. |
| Sniffing attacks | Security protocols |
| DoS attacks | Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) |
| Malicious code injection attacks | Continuously observe the behavior of the running system |
| Reprogram attacks | Protect programming process |

Data thefts: IoT applications deal with a lot of data which is critical and private. Data in transit is more vulnerable than data at rest. Users are always reluctant to transmit their private data over the IoT system (Hassija et al., 2019).

Data corruption: Malicious code such as viruses, spy-ware, worms etc. is a possible attack at this layer. Malicious code can alter the data collected by the sensors, so that the receiver receives wrong data and performs wrong actions (Cerullo et al., 2018).

Sniffing attacks: Attackers may use a sniffer application to monitor the network traffic in an IoT application. This may allow the attackers to gain access to confidential user data.

Denial-of-Service attack: This type of attack stops authenticated users from using the IoT application by artificially making the servers or networks too busy to respond.

Malicious code injection attacks: Attackers can inject malicious code in a script because this is the simplest way to break the security. Through these attacks the attackers can hijack an IoT account and paralyze the IoT system.

Reprogram attacks: If the programming process is not protected, attackers can try to reprogram the IoT object remotely. This could lead to hijacking of the IoT network.

4.3. Solution of IoT layers threats

The previous section discussed security vulnerabilities in all the layers of IoT. This section discusses the countermeasures against those threats.

4.3.1. Perception layer

The threats at the perception layer, such as node capture, malicious code attacks, tampering, jamming etc., were discussed in the previous section. The threats addressed at the perception layer are natural disasters, environmental threats, human-caused physical threats and jamming attacks (Radoglou et al., 2019). Gou, Yan, Liu and Li (2013) explain that the sensor nodes in the perception layer of IoT are usually unattended and vulnerable, and some of the equipment may even be stolen; sensor nodes can be supplied continuously and damaged nodes in key positions replaced, so that the network can self-heal to protect the physical security of the IoT.

On the other hand, if physical threats are due to human beings, only authenticated users and devices should be able to access the system. Therefore, user authentication systems, physical access control mechanisms and a trust framework are required for data security. Encryption is used to protect data from tampering and to maintain confidentiality and data integrity. Encryption can be achieved in two ways: i) node-to-node and ii) end-to-end encryption (Vashi et al., 2017).

4.3.2. Network layer

The threats at the network layer, such as phishing site attacks, DoS attacks, sinkhole attacks etc., discussed in the previous section need to be addressed to achieve security at this layer. To protect against unauthorized access in the network layer, authentication mechanisms can be used. When a large amount of sensory data or unsafe intrusion data comes from the perception layer, filtering and detection mechanisms can be used to ensure data security (Gou, Yan, Liu and Li, 2013). To preserve confidentiality, integrity and availability in the network layer, node-to-node encryption can be used at this layer (Vashi et al., 2017). Different mechanisms, like end-to-end authentication, end-to-end key negotiation, key management mechanisms and intrusion detection mechanisms, can be used to defend against the attacks. Nodes need to be monitored continuously, and neighbouring nodes need to be identified with an identity verification protocol.
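The network-layer countermeasures above (authentication, the unique shared key between node and base station from Table 4.4, and the data freshness requirement from section 4.2) can be combined in one per-packet check at the base station. The following Python example is added here and is not code from the thesis or the cited papers; the packet layout, node ids, keys and class name are assumptions constructed for illustration, and HMAC-SHA256 stands in for whichever lightweight MAC a constrained device would use.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                      # truncated HMAC-SHA256 tag for small frames
HEADER = ">HI"                    # node id (16 bit) + sequence counter (32 bit)
HEADER_LEN = struct.calcsize(HEADER)

# Constructed per-node keys. Assumption: each node shares one unique key with
# the base station, provisioned before deployment.
NODE_KEYS = {
    0x0A01: bytes.fromhex("00112233445566778899aabbccddeeff"),
    0x0A02: bytes.fromhex("ffeeddccbbaa99887766554433221100"),
}


def _tag(key, header, payload):
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]


def build_packet(node_id, seq, payload, key):
    """Node side: header || payload || tag; the tag covers header and payload."""
    header = struct.pack(HEADER, node_id, seq)
    return header + payload + _tag(key, header, payload)


class BaseStation:
    """Accepts a packet only if its claimed identity, content and order verify."""

    def __init__(self, keys):
        self._keys = dict(keys)
        self._last_seq = {}       # highest sequence number accepted per node

    def accept(self, packet):
        """Return (accepted, reason, payload)."""
        if len(packet) < HEADER_LEN + TAG_LEN:
            return (False, "malformed", None)
        header = packet[:HEADER_LEN]
        payload = packet[HEADER_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        node_id, seq = struct.unpack(HEADER, header)

        key = self._keys.get(node_id)
        if key is None:
            # An identity that was never enrolled has no key to verify against.
            return (False, "unknown-node", None)
        if not hmac.compare_digest(tag, _tag(key, header, payload)):
            # Wrong key for the claimed identity, or header/payload modified.
            return (False, "bad-tag", None)
        if seq <= self._last_seq.get(node_id, -1):
            # Authentic but stale: a recorded packet presented again.
            return (False, "replay", None)
        self._last_seq[node_id] = seq
        return (True, "ok", payload)


def demo():
    """Run constructed packets through the base station; return the verdicts."""
    station = BaseStation(NODE_KEYS)
    key1 = NODE_KEYS[0x0A01]
    genuine = build_packet(0x0A01, 1, b"temp=21.5", key1)
    # A valid packet with one payload byte changed in transit.
    altered = bytearray(build_packet(0x0A01, 2, b"temp=21.7", key1))
    altered[HEADER_LEN + 5] ^= 0x01
    # A node id that was never enrolled, tagged with a key of its own.
    unenrolled = build_packet(0x0BEE, 1, b"temp=99.9", b"\x01" * 16)
    # A packet claiming node 0x0A02 but tagged with node 0x0A01's key.
    borrowed = build_packet(0x0A02, 1, b"temp=99.9", key1)
    packets = [genuine, genuine, bytes(altered), unenrolled, borrowed,
               build_packet(0x0A01, 2, b"temp=21.7", key1)]
    return [station.accept(p)[1] for p in packets]


if __name__ == "__main__":
    print(demo())
```

Because every node has its own key, an identity cannot be claimed without that node's key, and the per-node counter is what rejects an authentic packet that is sent a second time.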

4.3.3. Middleware layer

The threats at the middleware layer, such as Man-in-the-Middle, SQL injection, flooding attack in cloud etc., discussed in the previous section need to be addressed to achieve security at this layer. This layer requires user authentication, and each forwarded packet also needs to be authenticated. Data sent from client to server needs to be encrypted, so encryption methods need to be implemented. Similarly, all input from the user needs to be verified, and each user must have limited rights to use the data.
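The two middleware countermeasures named above, verifying all user input and giving each user limited rights, are shown here against the SQL injection attack from section 4.2.3, with the weak query beside its hardened form. This Python example is added here and is not from the thesis; the table layout, device-id format, function names and sample rows are assumptions constructed for illustration, with SQLite standing in for the middleware database.

```python
import re
import sqlite3

# Assumed naming convention for device identifiers, e.g. "meter-001".
DEVICE_ID = re.compile(r"[a-z]+-[0-9]{3}")

# Constructed request value that closes the quoted string in a pasted query.
HOSTILE_DEVICE_ID = "x' OR '1'='1"


def make_db():
    """In-memory store of sensor readings (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE readings (device_id TEXT, owner TEXT, value REAL);
        INSERT INTO readings VALUES
            ('meter-001', 'alice', 3.2),
            ('meter-002', 'bob',   7.9),
            ('lock-007',  'bob',   1.0);
    """)
    return db


def readings_concat(db, owner, device_id):
    """Weak form: request fields are pasted into the SQL text."""
    sql = ("SELECT device_id, value FROM readings "
           f"WHERE owner = '{owner}' AND device_id = '{device_id}'")
    return db.execute(sql).fetchall()


def readings_bound(db, owner, device_id):
    """Hardened form: the statement is fixed, values travel as parameters."""
    sql = ("SELECT device_id, value FROM readings "
           "WHERE owner = ? AND device_id = ?")
    return db.execute(sql, (owner, device_id)).fetchall()


def handle_request(db, owner, device_id):
    """Verify the input against the expected format before querying."""
    if not DEVICE_ID.fullmatch(device_id):
        raise ValueError("device_id does not match the expected format")
    return readings_bound(db, owner, device_id)


def restrict_to_reads(db):
    """Limited rights: this connection may only SELECT from 'readings'."""
    def authorizer(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 == "readings":
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    db.set_authorizer(authorizer)
    return db


def write_is_blocked(db):
    """True if an UPDATE on this connection is refused."""
    try:
        db.execute("UPDATE readings SET value = 0")
    except sqlite3.DatabaseError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Pasted query: the condition becomes always true, other owners' rows leak.
    print(readings_concat(db, "alice", HOSTILE_DEVICE_ID))
    # Bound query: the same value is compared as plain data and matches nothing.
    print(readings_bound(db, "alice", HOSTILE_DEVICE_ID))
    # Read-only connection: even a well-formed write statement is refused.
    print(write_is_blocked(restrict_to_reads(make_db())))
```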

4.3.4. Application layer

The threats at the application layer, such as data theft attacks, data corruption, sniffing attacks etc., discussed in the previous section need to be addressed to achieve security at this layer.

Data security, access management, security management and modern cryptographic algorithms can be used to encrypt the database. Access management can be used to prevent unauthorized users from using and accessing the database, and administrative privileges can be assigned to secure the database (Gou, Yan, Liu and Li, 2013). End-to-end encryption is performed at the application layer: encryption and decryption are performed at the sender and receiver ends only, so what the sender encrypts is decrypted only at the receiving end. Data encryption is an important means of securing data. The role of encryption is to prevent information from being deciphered when it is intercepted by attackers (Vashi et al., 2017).

4.4. IoT future

In the future, IoT networks will need new identification, wireless, software and hardware technologies to solve the recent challenges. It is suggested to define new standards for heterogeneous devices and to implement key management, identity establishment systems and trust management hubs.


IoT security revolves around the classification of information. A balance is needed between the value of the information and the security capabilities of a device. Securing a central system, e.g. a server, is not challenging because defined standards are available. The challenge is to secure the sub-systems, e.g. devices, because the limits of the subsystems will restrict the security capabilities. The available standards must become more lightweight in order to adapt to these new security challenges concerning constrained devices.

4.4.1. IoT future research

Patel and Patel (2016) state that the introduction of new technologies like communications sensors, smart phones, embedded systems, cloud networking, network virtualization and software is becoming essential to permit physical devices to work in changing environments and remain connected all the time. Abomhara and Koien (2014) discuss the safety of the IoT and future research directions in their paper, identifying the protection of user data and privacy as one of the key challenges within the Internet of Things. They state that lack of confidence regarding privacy leads to decreased adoption among users and is therefore one of the driving factors in the success of IoT.

Table 4.7: IoT Future development and research (adapted from Patel and Patel, 2016)

| Technology | Future Development |
|---|---|
| Hardware devices | Nanotechnology devices; small size of chipsets; low power circuits |
| Sensor | Small sensors; smart sensors; low power sensors |
| Communication technology | Wide spectrum and spectrum aware protocols; unified protocol over wide spectrum; multifunctional reconfigurable chips |
| Network technology | Self-learning networks; self-repairing networks; IPv6 scalability |
| Software and algorithms | Goal oriented software; distributed software, problem solving |
| Data and signal processing technology | IoT data analysis; data processing; cognitive processing and optimization; intelligent data visualization |
| Discovery and search engine technologies | Automatic route tagging; on demand service |
| Security and privacy technologies | Privacy and privacy policies; security and privacy profiles; privacy aware data processing |

4.4.2. Hardware devices

A typical IoT application consists of multiple connected devices, technologies, domains and geographies. If any device or technology, or any combination of them, is left weak, it may become the cause of a security threat for the entire application. These connected devices are considered the strongest as well as the weakest part of an IoT network. The most important characteristics of IoT are the number of devices and the means of communication. Variations in processor speed, memory, protocols and application types are much bigger with IoT than with traditional desktops, laptops or smartphones (Kolias et al., 2016).

According to Hassija et al. (2019), a large number of IoT devices are being deployed around the world, generating a large amount of data. The generated data could also contain a lot of private information, which can be another cause of threat.

IoT devices and applications are growing continuously, so an approach needs to be designed to handle the cost and capacity constraints. Hassija et al. (2019) suggest that devices should be designed so that they can communicate with each other automatically and securely. Patel and Patel (2016) suggest that to secure hardware devices it is necessary to use nanotechnology, design low power circuits and reduce the size of chipsets.

4.4.3. Sensor

Sensors are essential components of IoT communication; they are used to collect data from the environment. IoT sensors are small in size, have low cost and consume less power. Sethi and Sarangi (2017) explain that the design of lightweight sensors is the first requirement for an IoT system, but we do not have enough choice regarding the sensors. On the other hand, we have a lot of choice regarding the processing and networking capabilities that are bundled with the sensors. Patel and Patel (2016) state that sensors should be smaller, consume less power and be more intelligent.

Figure 4.1 IoT future technology development (Gubbi, Buyya, Marusic and Palaniswami, 2013)


4.4.4. Communication technology

In IoT nodes, power is the most important issue, namely the power required to transmit and receive messages. The most important factors to consider are the distance between the sender and receiver, the nature of obstacles, signal distortion and government regulations. The choice of network is based on these factors (Sethi and Sarangi, 2017).

Recent research describes that future 5G mobile networks have to serve massive deployments of IoT, with billions of connected objects and sensors that will be a global representation of the real world. Similarly, they have to support critical IoT use cases which require real-time responses and automation across different fields of operation, including vehicle-to-infrastructure (V2I), high-speed motion, vehicle-to-vehicle (V2V) and process control systems (Akpakwu, Silva, Hancke and Abu-Mahfouz, 2018).

Communication technologies need to use wide spectrum and spectrum-aware protocols, and those protocols need to be unified over a wide spectrum (Patel and Patel, 2016).

4.4.5. Network technology

An IoT network is a collection of interconnected devices that communicate with other devices without the need for human involvement. The development of network technologies is a continuous process. Lee, Bae and Kim (2017) discuss that current devices are controlled by the users. IoT devices should not be configured manually by the user; rather, they should be configured automatically. Furthermore, Patel and Patel (2016) and Lee, Bae and Kim (2017) explain that an efficient addressing scheme is needed to overcome the problem of assigning IP (Internet Protocol) addresses. The solution is to use the IPv6 addressing scheme. Likewise, network protocols including RFID, Wi-Fi, Bluetooth, ZigBee etc. all work independently. A unifying architecture is needed that can support the heterogeneity of networking protocols. Most IoT applications use cloud services for data storage and retrieval; to overcome the risks of cloud services, the data should be stored as ciphertext in the cloud.


4.4.6. Software and algorithms

The purpose of IoT is to design an autonomous system that needs minimum human intervention. The use of artificial intelligence (AI) based techniques or algorithms to secure IoT networks might be very useful (Hassija et al., 2019). Furthermore, the software and algorithms for the IoT network should have distributed intelligence (software that has the ability to solve complex learning, planning and decision-making problems) (Patel and Patel, 2016).

4.4.7. Data and signal processing technology

Signal processing is an important component in expanding the number of IoT technologies and applications. Signal processing supports new IoT services and makes existing applications less expensive and more practical. Signal processing technology consists of signal interference, signal separation and signal filtering technology. The difficulty is how to reduce the data traffic within the network and the energy consumption during data transmission, and reduce network costs by the server (Liu and Zhou, 2012). The future requirement for IoT signal processing technology is that it should provide complex IoT data analysis, data processing, cognitive processing and optimization, and intelligent data visualization (Patel and Patel, 2016).

4.4.8. Discovery and search engine technology

One of the important features of the IoT is its routing algorithms, which include not only the routing for the sub-networks of the IoT but also the routing for the affiliated networks (Lee, Bae and Kim, 2017). These routing algorithms should provide automatic route tagging and identification management, which will help a device find the shortest and most cost-effective route to connect with other devices and networks.

4.4.9. Security & Privacy technology

The rapid increase in IoT devices and communication has led to an increase in security and privacy issues. Security issues include malicious code attacks, inability to receive security patches, hacking into smart meters, eavesdropping, sniffing attacks, DoS attacks etc. (Akpakwu, Silva, Hancke and Abu-Mahfouz, 2018). Current IoT devices have limited power and computational resources. Therefore, lightweight encryption algorithms and key management protocols are needed for IoT devices (Lee, Bae and Kim, 2017). Cryptographic techniques can be used to protect, store and process data, keeping information as local as possible using decentralized computing and key management (Abomhara and Koien, 2014).

Privacy issues are also very critical for the IoT environment. The private information of any user can be leaked because anyone can connect with his device. The privacy issues can be addressed in two ways. Firstly, the user’s device ignores queries that need private data. Secondly, the network architecture is constructed so that the user's device returns only the requested data, without including protected data (Akpakwu, Silva, Hancke and Abu-Mahfouz, 2018). User authentication devices, decentralized approaches to privacy, privacy policies, security and privacy profiles etc. are needed (Patel and Patel, 2016).


5. Conclusion The conclusions is drawn from literature review according to the research questions. This also

explain the future work that suggest development and implementation of a secured IoT

network.

The conclusion drawn from this is that IoT is a very interesting concept which creates many

new possibilities in form of services and inventions. IoT offers many applications to make our

lives easier like healthcare, transportation, and agriculture etc. IoT allows people, smart objects

to connect anytime, anywhere using any network and services.

The first question of this thesis work is “What are IoT security issues in the layered architecture?”. The conclusion of the first question is that the IoT network is open to various security and privacy issues, which need to be considered at high priority. The ultimate goal of this thesis was to introduce the reader to the IoT concept, with a particular focus on the security and privacy challenges involved in the IoT. The IoT faces various security and privacy issues due to the rapid increase of devices, people and vehicles connecting with the IoT network from anywhere and at any time.

The second question of this thesis work is “How the IoT security is being implemented in the layered architecture?”. The conclusion of the second research question is that multiple security threats and attacks on the IoT layers are discussed in this thesis. The solutions to these threats and attacks, such as DoS, man-in-the-middle, tampering, jamming, etc., are also discussed to answer the question.

The third question of this thesis work is “How the technology can be improved for the IoT future growth?”. The conclusion of the last question is that the future growth of the IoT network depends on the development of software and hardware technologies to solve the recent challenges. It is also necessary to define new standards for heterogeneous devices and to implement key management, identity establishment systems and trust management hubs.

Furthermore, this thesis explains various security threats and attacks on all the layers of an IoT architecture. It covers the security issues related to the perception layer, network layer, middleware layer and application layer. All the IoT security threats, including DoS, man-in-the-middle, tampering, jamming, etc., are discussed in this thesis work. IoT security has also been discussed together with some of the future research directions to enhance the security levels of IoT. This literature review is expected to be a valuable resource for understanding the security issues at each layer of IoT.

Finally, a lot of research is available in different areas of IoT, but security and privacy are still considered its weakest part. Different researchers have proposed many different kinds of adaptations to lightweight protocols and authentication methods for IoT, which makes it very difficult to identify the best solution. Therefore, IoT requires structured guidelines in the form of standardisation in order to interconnect all kinds of devices, protocols, applications, etc.

5.1. Limitations

While working on this thesis work, I realized the time limitation was a major concern in understanding and explaining IoT, which is such an extensive concept. In the beginning, I had to learn the concepts of information security because it is a new area of study for me, which required additional work in order to understand the concepts and apply them to this thesis work.

5.2. IoT future work

In this thesis work I tried to introduce IoT and discuss its security issues. However, a great deal of research is still needed in order to make the IoT become a reality; a few of the future research recommendations are discussed below.

• The gateways between different layers in the IoT system need to be secured. The attacker considers the gateways the easiest point to attack on an IoT system. Data should be encrypted end to end and decrypted only at the intended destination.

• Data analysis in real time is crucial for the success of IoT applications. Various machine learning (ML) algorithms can be designed for this.

• Security and privacy issues should be considered very seriously because IoT deals with a huge amount of personal data. IoT environments must be protected from any kind of malicious attack.

• IoT architecture standards must have well-defined data models, interfaces and protocols.
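The first recommendation, traffic that a gateway can route but only the intended destination can decrypt, can be illustrated as follows. This is an added example, not code from the thesis or the reviewed papers; it assumes Node.js with its built-in crypto module and a key already shared between device and destination, and all names and the message layout are hypothetical.

```javascript
// Added example. Names, message layout and key handling are assumptions.
const crypto = require('crypto');

// Constructed key known to the sensor and the destination service only.
// How it is provisioned or agreed is outside this sketch.
const endToEndKey = crypto.randomBytes(32);

// Device: encrypt the reading with AES-256-GCM. The routing header stays
// readable for the gateway but is bound to the ciphertext as AAD.
function sealAtDevice(key, header, reading) {
  const nonce = crypto.randomBytes(12); // never reuse a nonce under one key
  const headerText = JSON.stringify(header);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(headerText, 'utf8'));
  const body = Buffer.concat([
    cipher.update(JSON.stringify(reading), 'utf8'),
    cipher.final(),
  ]);
  return {
    header: headerText,
    nonce: nonce.toString('base64'),
    body: body.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Gateway: routes on the header only. It holds no key, so the body is opaque.
function forwardAtGateway(envelope, routes) {
  const { dest } = JSON.parse(envelope.header);
  if (!routes.has(dest)) return null; // unknown destination: drop
  return { nextHop: routes.get(dest), envelope };
}

// Destination: decrypt and verify. Any change to header, nonce, body or tag,
// or a wrong key, fails authentication and yields null.
function openAtDestination(key, envelope) {
  try {
    const decipher = crypto.createDecipheriv(
      'aes-256-gcm', key, Buffer.from(envelope.nonce, 'base64'));
    decipher.setAAD(Buffer.from(envelope.header, 'utf8'));
    decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
    const plain = Buffer.concat([
      decipher.update(Buffer.from(envelope.body, 'base64')),
      decipher.final(),
    ]);
    return {
      header: JSON.parse(envelope.header),
      reading: JSON.parse(plain.toString('utf8')),
    };
  } catch (err) {
    return null;
  }
}

// Constructed scenario: normal delivery, a header rewritten in transit, and
// a gateway trying to open the payload with a key of its own.
function runDemo() {
  const routes = new Map([['telemetry-svc', 'telemetry.internal.example:8883']]);
  const sealed = sealAtDevice(
    endToEndKey, { src: 'sensor-17', dest: 'telemetry-svc' }, { tempC: 21.5 });
  const hop = forwardAtGateway(sealed, routes);
  const rewritten = { ...sealed, header: sealed.header.replace('sensor-17', 'sensor-99') };
  return {
    delivered: openAtDestination(endToEndKey, hop.envelope),
    tamperedHeader: openAtDestination(endToEndKey, rewritten),
    gatewayDecrypt: openAtDestination(crypto.randomBytes(32), sealed),
  };
}
```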

References:

Abomhara, M. and Koien, G., 2014. Security and privacy in the Internet of Things: Current status and open issues. 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS).

Akpakwu, G., Silva, B., Hancke, G. and Abu-Mahfouz, A., 2018. A Survey on 5G Networks for the Internet of Things: Communication Technologies and Challenges. IEEE Access, 6, pp.3619-3647.

Alaba, F., Othman, M., Hashem, I. and Alotaibi, F., 2017. Internet of Things security: A survey. Journal of Network and Computer Applications, 88, pp.10-28.

Awad, Ali Ismail Fairhurst, Michael. (2018). Information Security - Foundations, Technologies and Applications. (pp. 13-15). Institution of Engineering and Technology. Retrieved from https://app.knovel.com/hotlink/toc/id:kpISFTA00A/information-security/information-security

Bertino, E. and Islam, N., 2017. Botnets and Internet of Things Security. Computer, 50(2), pp.76-79.

Burg, A., Chattopadhyay, A. and Lam, K., 2018. Wireless Communication and Security Issues for Cyber–Physical Systems and the Internet-of-Things. Proceedings of the IEEE, 106(1), pp.38-60.

Burhan, M., Rehman, R., Khan, B. and Kim, B. (2018). IoT Elements, Layered Architectures and Security Issues: A Comprehensive Survey. Sensors, 18(9), p.2796.

Cerullo, Gianfranco & Mazzeo, Giovanni & Papale, Gaetano & Ragucci, Bruno & Sgaglione, Luigi. (2018). IoT and Sensor Networks Security.

Dorsemaine, B., Gaulier, J., Wary, J., Kheir, N. and Urien, P., 2015. Internet of Things: A Definition & Taxonomy. 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies.

Evans, D., 2012. [online] Cisco.com. Available at: <https://www.cisco.com/c/dam/global/en_my/assets/ciscoinnovate/pdfs/IoE.pdf> [Accessed 21 May 2020].

Frustaci, M., Pace, P., Aloi, G. and Fortino, G., 2018. Evaluating Critical Security Issues of the IoT World: Present and Future Challenges. IEEE Internet of Things Journal, 5(4), pp.2483-2495.

Gou, Q., Yan, L., Liu, Y. and Li, Y., 2013. Construction and Strategies in IoT Security System. 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber, Physical and Social Computing.

Gubbi, J., Buyya, R., Marusic, S. and Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions. Future Generation Computer Systems, 29(7), pp.1645-1660.

Hassija, V., Chamola, V., Saxena, V., Jain, D., Goyal, P. and Sikdar, B., 2019. A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures. IEEE Access, 7, pp.82721-82743.

i-SCOOP. 2020. What Is Iot? The Internet Of Things - Definitions And Facts. [online] Available at: <https://www.i-scoop.eu/internet-of-things/> [Accessed 12 May 2020].

ITU Telecommunication Standardization sector “ITU-T Recommendation database," 2012 [online] Available at: <http://handle.itu.int/11.1002/1000/11559 en?locatt=format:pdf&auth.> [Accessed 26 April 2020].

Khan, M. and Salah, K., 2018. IoT security: Review, blockchain solutions, and open challenges. Future Generation Computer Systems, 82, pp.395-411.

Kolias, C., Stavrou, A., Voas, J., Bojanova, I. and Kuhn, R., 2016. Learning Internet-of-Things Security "Hands-On." IEEE Security & Privacy, 14(1), pp.37-46.

Lee, S., Bae, M. and Kim, H., 2017. Future of IoT Networks: A Survey. Applied Sciences, 7(10), p.1072.

Li, S., Tryfonas, T. and Li, H., 2016. The Internet of Things: a security point of view. Internet Research, 26(2), pp.337-359.

Liu, Y. and Zhou, G., 2012. Key Technologies and Applications of Internet of Things. 2012 Fifth International Conference on Intelligent Computation Technology and Automation.

Patel, K. and Patel, S., 2016. Internet of Things-IoT: Definition, Characteristics, Architecture, Enabling Technologies, Application & Future Challenges.

Radoglou Grammatikis, P., Sarigiannidis, P. and Moscholios, I., 2019. Securing the Internet of Things: Challenges, threats and solutions. Internet of Things, 5, pp.41-70.

Rani, D., 2019. Lightweight Security Protocols for Internet of Things: A Review. International Journal of Advanced Trends in Computer Science and Engineering, 8(3), pp.707-719.

Rowley, J. and Slack, F., 2004. Conducting a literature review. Management Research News, 27(6), pp.31-39.

Sahinaslan, E., 2019. On the internet of things: Security, threat and control.

Sethi, P. and Sarangi, S., 2017. Internet of Things: Architectures, Protocols, and Applications. Journal of Electrical and Computer Engineering, 2017, pp.1-25.

Vashi, S., Ram, J., Modi, J., Verma, S. and Prakash, C., 2017. Internet of Things (IoT): A vision, architectural elements, and security issues. 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC).

Viriyasitavat, W., Anuphaptrirong, T. and Hoonsopon, D., 2019. When blockchain meets Internet of Things: Characteristics, challenges, and business opportunities. Journal of Industrial Information Integration, 15, pp.21-28.

Yousuf, T., Mahmoud, R., Aloul, F. and Zualkernan, I., 2015. Internet of Things (IoT) Security: Current Status, Challenges and Countermeasures. International Journal for Information Security Research, 5(4), pp.608-616.

Appendices: Papers included in the final review

| ID | Author | Year | Title | Source |
|---|---|---|---|---|
| 1 | Abomhara, M and Geir M. Køien | 2014 | Security and privacy in the internet of Things: Current status and open issues | https://ieeexplore.ieee.org/abstract/document/6970594/ |
| 2 | Akpakwu, G., Silva, B., Hancke, G. and Abu-Mahfouz, A. | 2018 | A survey on 5G Networks for the IOT: Communication technologies and challenges | https://ieeexplore.ieee.org/abstract/document/8141874 |
| 3 | Alaba. F., Mazliza Othman, Ibrahim Abaker Targio Hashem and Faiz Alotaibi | 2017 | Internet of Things Security: A survey | Google Scholar |
| 4 | Awad, Ali Ismail Fairhurst, Michael | 2018 | Information Security - Foundations, Technologies and Applications. | Google Scholar |
| 5 | E. Bertino and N. Islam. | 2017 | Botnets and Internet of Things security | https://ieeexplore.ieee.org/abstract/document/7842850 |
| 6 | Andreas Burg, Anupam Chattopadhyay, And Kwok-yan Lam | 2018 | Wireless Communication and security issues for cyber-Physical systems and IoT | https://ieeexplore.ieee.org/abstract/document/8232533 |
| 7 | Burhan, M., Rehman, R., Khan, B. and Kim, B. | 2018 | Internet of Things (IoT); layered architectures; security; privacy; security attacks; protection methods; secure architecture | Google Scholar |
| 8 | Cerullo, Gianfranco & Mazzeo, Giovanni & Papale, Gaetano & Ragucci, Bruno & Sgaglione, Luigi | 2018 | IoT and Sensor Networks Security | Google Scholar |
| 9 | Dorsemaine Bruno, Jean-Philippe Gaulier, Jean-Philippe Wary and Nizar Kheir and Pascal Urien | 2015 | Internet of Things: a definition & taxonomy | Google Scholar |
| 10 | Evans, D | 2012 | Internet of Everything | Google Scholar (Cisco.com) |
| 11 | Frustaci, M., Pace, P., Aloi, G. and Fortino, G. | 2018 | Evaluating Critical Security Issues of the IoT World: Present and Future Challenges. | Google Scholar |
| 12 | Gou, Q., Yan, L., Liu, Y. and Li, Y. | 2013 | Construction and Strategies in IoT Security System | Google Scholar |
| 13 | Jayavardhana Gubbi, Rajkumar Buyya, Slaven Marusic and Marimuthu Palaniswami | 2013 | IoT: A vision architectural elements and future directions | Google Scholar |
| 14 | Vikas Hassija, Vinay chamola, Vikas saxena, Divyansh Jain, Pranav Goyal, and Biplab sikdar | 2019 | A survey on IoT security: Application Areas, Security threats and solution Architectures | Google Scholar |
| 15 | i-scoop | | The Internet of Things: Definition and facts | Google Scholar |
| 16 | ITU-T | | Overview of IoT | Google Scholar |
| 17 | Minhaj Ahmad Khan and Khaled Salah | 2017 | IoT security: Review, blockchain solutions, and open challenges | Google Scholar |
| 18 | C. Kolias, A. Stavrou, J. Voas, I. Bojanova and R. Kuhn, "Learning Internet-of-Things Security "Hands-On"," in IEEE Security & Privacy, vol. 14 | 2016 | Internet of Things security Hands on | https://ieeexplore.ieee.org/abstract/document/7397713 |
| 19 | Lee, S., Bae, M. and Kim, H. | 2017 | Future of IoT Network a survey | Google Scholar |
| 20 | Shancang Li, Theo Tryfonas, Honglei Li | 2016 | The Internet of Things: a security point of view | Google Scholar |
| 21 | Yuxi Liu and Guohui Zhou | 2012 | Key technologies and application of Internet of Things | https://ieeexplore.ieee.org/abstract/document/6150221 |
| 22 | Patel, Keyur & Patel, Sunil & Scholar, P & Salazar, Carlos. | 2016 | Internet of Things-IOT: Definition, Characteristics, Architecture, Enabling Technologies, Application & Future Challenges | Google Scholar |
| 23 | Radoglou Grammatikis, P., Sarigiannidis, P. and Moscholios, I., 2019 | 2019 | Securing the Internet of Things: Challenges, threats and solutions. Internet of Things | www.ub.uu.se |
| 24 | Deepti Rani, Nasib Sing Gill | 2019 | Lightweight security protocols for Internet of Things: A review | www.ub.uu.se |
| 25 | Sahinaslan, E. | 2019 | On the internet of things: Security, threat and control. | www.ub.uu.se |
| 26 | Sethi, P. and Sarangi, S. | 2017 | Internet of Things: Architectures, Protocols, and Applications. | Google Scholar |
| 27 | Shivangi Vashi, Jyotsnamayee Ram, Janit Modi, Saurav Verma and Dr. Chetana Prakash | 2017 | Internet of Things: A vision, Architectural Elements and security Issues | www.ub.uu.se |
| 28 | Wattana Viriyasitavat, Tharwon Anuphaptrirong, Danupol Hoonsopon | 2019 | When blockchain meets IoT: Characteristics, challenges and business opportunities | Google Scholar |
| 29 | Rwan Mahmoud, Tasneem Yousuf, Fadi Aloul, Imran Zualkernan | 2015 | Internet of Things (IoT) Security: Current Status, Challenges and Countermeasures | Google Scholar |
| 30 | Aaditya Jain, Bhuwnesh Sharma, Pawan Gupta | 2016 | Internet of Things: Architecture, security goals, and challenges- A survey | Google scholar |
| 31 | Aakanksha Tewari, B.B. Gupta | 2020 | Security, Privacy and trust of different layers in Internet-of-Things (IoTs) framework | Google Scholar (Elsevier) |
| 32 | Abeer Assiri, Haya Almagwashi | 2018 | IOT security and privacy issues | https://ieeexplore.ieee.org/document/8442002 |
| 33 | B V Santhosh Krishna, T Gnanasekaran | 2017 | A systematic study of security issues in Internet-of-Things (IoT) | https://ieeexplore.ieee.org/abstract/document/8058318 |
| 34 | B.Di Martino, M. Rak, M. Ficco, A. Esposito, S.A. Maisto, S. Nacchia | 2018 | Internet of things reference architectures, security and interoperability: A survey | Google scholar (Elsevier) |
| 35 | Baoquan Zhang, Zongfeng Zou, Mingzheng Liu | 2011 | Evaluation on Security System of Internet of Things Based on Fuzzy-AHP Method | https://ieeexplore.ieee.org/abstract/document/5881939 |
| 36 | Chakib Bekara | 2014 | Security issues and challenges for the IoT-based smart grid | Google Scholar |
| 37 | Diego Mendez, Ioannis Papapanagiotou, Baijian Yang | 2017 | Internet of Things: Survey on Security and privacy | Google scholar |
| 38 | Djamel Eddine Kouicem, Abdelmadjid Bouabdullah, Hicham Lakhlef | 2018 | Internet of Things security: A top-down survey | Google scholar (Elsevier) |
| 39 | Engin Leloglu | 2016 | A Review of Security Concerns in Internet of Things | Google Scholar |
| 40 | Fahad Azam, Rashid Munir, Mehboob Ahmed, M. Ayub, Ahthasham sajid, Zaheer Abbasi | 2019 | Internet of Things (IoT), Security issues and its solutions | www.ub.uu.se |
| 41 | Gurpreet Singh Matharu; Priyanka Upadhyay; Lalita Chaudhary | 2014 | The Internet of Things: Challenges & Security Issues | https://ieeexplore.ieee.org/abstract/document/7021016 |
| 42 | Hany F. Atlam, Robert J. Walters, Gary B. Wills | 2018 | Internet of Things: State-of-the-art, Challenges, Applications, and Open Issues | Google scholar |
| 43 | Hasan Ali Khattak, Munam Ali shah, Sangeen khan, Ihsan Ali, Muhammad Imran | 2019 | Perception layer security in Internet of Things | www.ub.uu.se |
| 44 | Ion Bica, Bogdan-Cosmin Chifor, Ștefan-Ciprian Arseni, Ioana Matei | 2019 | Multi-Layer IoT Security Framework for Ambient Intelligence Environments | www.ub.uu.se |
| 45 | Jayasree Sengupta, Sushmita Ruj, Sipra Das Bit | 2020 | A Comprehensive Survey on Attacks, Security Issues and Blockchain Solutions for IoT | Google Scholar (Elsevier) |
| 46 | Jesus Pacheco, Shalaka Satam, Salim Hariri, Clarisa Grijalva, Helena Berkenbrock | 2016 | IoT security development framework for building trustworthy smart car services | https://ieeexplore.ieee.org/abstract/document/7745481 |
| 47 | Jie Lin, Wei Yu, Nan Zhang, Xinyu Yang, Hanlin Zhang, Wei Zhao | 2017 | A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications | https://ieeexplore.ieee.org/abstract/document/7879243 |
| 48 | JS Kumar, DR Patels | 2014 | A Survey on Internet of Things: Security and Privacy Issues | Google Scholar |
| 49 | Jyoti Deogirikar; Amarsinh Vidhate | 2017 | Security attacks in IoT: A survey | https://ieeexplore.ieee.org/abstract/document/8058363 |
| 50 | Kai Zhao, Lina Ge | 2013 | A Survey on the Internet of Things Security | https://ieeexplore.ieee.org/abstract/document/6746513 |
| 51 | Lo’ai Tawalbeh, Fadi Muheidat, Mais Tawalbeh, Muhannad Quwaider | 2020 | IoT Privacy and Security: Challenges and Solutions | www.ub.uu.se |
| 52 | Mahmoud Ammar, Giovanni Russello, Bruno Crispo | 2018 | Internet of Things: A survey on the security of IoT frameworks | www.ub.uu.se |
| 53 | Mario Frustaci, Pasquale Pace, Gianluca Aloi | 2017 | Securing the IoT world: Issues and perspectives | https://ieeexplore.ieee.org/abstract/document/8088629 |
| 54 | Mayuri A. Bhabad, Sudhir T. Bagade | 2015 | Internet of Things: Architecture, Security Issues and countermeasures | Google Scholar |
| 55 | Mian Muhammad Ahemd; Munam Ali Shah; Abdul Wahid | 2017 | IoT Security: A layered approach for attacks & Defenses | https://ieeexplore.ieee.org/abstract/document/8065757 |
| 56 | Mohammed Ali Al-Garadi, Amr Mohamed, Abdulla Al-Ali, Xiaojiang Du, Ihsan Ali, Mohsen Guizani | 2020 | A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security | https://ieeexplore.ieee.org/abstract/document/9072101 |
| 57 | P.P. Ray | 2018 | A survey on Internet of Things architectures | Google.com (ScienceDirect) |
| 58 | Prachin Bhoyar, Parul Sahare, S.B. Dhok, R.B. Deshmukh | 2018 | Communication technologies and security challenges for internet of things: A comprehensive review | www.ub.uu.se |
| 59 | Qi Jing, Athanasios V. Vasilakos, Jiafu Wan, Jingwei Lu, Dechao Qiu | 2014 | Security of the Internet of Things: perspectives and challenges | www.ub.uu.se |
| 60 | Reem Abdul Rahman, Babar Shah | 2016 | Security analysis of IoT protocol | https://ieeexplore.ieee.org/abstract/document/7460363 |
| 61 | Ruei-Hau Hsu, Jemin Lee, Tony Q. S. Quek, and Jyh-Cheng Chen | 2018 | Reconfigurable Security: Edge-Computing-Based Framework for IoT | https://ieeexplore.ieee.org/abstract/document/8473487 |
| 62 | Sathish Alampalayam Kumar, Tyler Vealey, Harshit Srivastava | 2016 | Security in Internet of Things: Challenges, Solutions and Future Directions | https://ieeexplore.ieee.org/abstract/document/7427903 |
| 63 | Shancang Li, Theo Tryfonas, Honglei Li | 2016 | The Internet of Things: a security point of view | www.ub.uu.se |
| 64 | Sowmya Nagasimha Swamy, Dipti Jadhav, Nikita Kulkarni | 2017 | Security Threats in the Application layer in IOT Applications | https://ieeexplore.ieee.org/abstract/document/8058395 |
| 65 | Sudeendra kumar K, Sauvagya sahoo, Abhishek Mahapatra, Ayas Kanta Swain, K.K. Mahapatra | 2017 | Security Enhancements to system on chip devices for IoT perception layer | https://ieeexplore.ieee.org/abstract/document/8293922 |
| 66 | Syed Rizvi, Joseph Pfeffer III, Andrew Kurts, Mohammad Rizvi | 2018 | Securing the Internet of Things (IoT): A security Taxonomy for IoT | https://ieeexplore.ieee.org/abstract/document/8455902 |
| 67 | Tariq Aziz Rao, Ehsan-ul-Haq | 2018 | Security challenges facing IoT layers and its protective measures | Google scholar |
| 68 | Weizhe Zhang, Baosheng Qu | 2013 | Security architecture of the Internet of Things oriented to perceptual layer | Google.com |
| 69 | Zaied Shouran, Ahmad Ashari, Tri Kuntoro Riyambodo | 2019 | Internet of Things (IoT) of Smart Home: Privacy and Security | Google scholar (ResearchGate) |
| 70 | Zejun Ren, Xiangang Liu, Runguo Ye, Tao Zhang | 2017 | Security and privacy on Internet of things | https://ieeexplore.ieee.org/document/8076530 |

