ARTICLE INFO

Keywords: IoT, Security, Protocols, Threats

ABSTRACT

In this study, we review the fundamentals of IoT architecture and we thoroughly present the communication protocols that have been invented especially for IoT technology. Moreover, we analyze security threats, and general implementation problems, presenting several sectors that can benefit the most from IoT development. Discussion over the findings of this review reveals open issues and challenges and specifies the next steps required to expand and support IoT systems in a secure framework.
* Corresponding author.
E-mail address: [email protected] (M.A. Ferrag).
https://doi.org/10.1016/j.iotcps.2022.12.003
Received 21 November 2022; Received in revised form 23 December 2022; Accepted 25 December 2022
Available online 4 January 2023
2667-3452/© 2023 The Authors. Published by Elsevier B.V. on behalf of KeAi Communications Co., Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).
A. Gerodimos et al. Internet of Things and Cyber-Physical Systems 3 (2023) 1–13

1. Introduction

A few decades earlier, the Internet revolutionized our world by connecting users across the globe simultaneously in real-time. Today, the Internet of Things, which is also known as the Internet of Everything or sometimes referred to as the Industrial Internet, is a paradigm of technology envisaged as a network connecting machines and devices globally and making them capable of interacting both with each other and the physical world autonomously within the existing Internet infrastructure.

By the term The Internet of Things, abbreviated to IoT, we refer to the innumerable tangible devices around the globe that can be connected to the internet. All of these devices collect and share data with each other while, simultaneously, eliminating the need for human-to-human or even human-to-computer communication. Thanks to the advent of computer chips at a remarkably low cost, the fact that wireless networks seem to be ubiquitous, and in addition, the advance of numerous technologies like machine learning, big data analysis, smart sensors, and especially 5G, it has become plausible to convert anything, regardless of its size, to a part of the IoT, since the technology can be applied to anything, as minuscule as a pill, or even as huge as a tanker ship [1].

Although plenty of devices can connect to the Internet, we define IoT devices as those that would not normally be supposed to have Internet access, such as home appliances, health-monitoring devices, or any kind of equipment and that, at the same time, have the ability to interact with each other without human involvement. Subsequently, neither a laptop nor a smartphone is considered an IoT device, regardless of the fact that both carry sensors and communicate over the Internet. However, wearables, like smartwatches or fitness trackers, could be regarded as such. Nevertheless, it is possible for a PC or a smartphone to interact with an IoT network [2,3].

Connecting all these different objects, which are uniquely identifiable, and attaching sensors, transforms them into digitally intelligent devices, an attribute they would otherwise not possess. As a result, they are capable of communicating data in real-time, subsequently improving their efficiency and accuracy and making the environment surrounding us more clever and quick to respond, accomplishing the fusion of the digital and the physical world [4].

This notion has multiplied the areas where it could be applied, which in turn, can improve the common welfare by making use of the means already available in ways never thought of before and it is considered to be one of the most crucial fields of future technology that is becoming popular with an extensive number of industries [5]. Besides efficiency and accuracy, the interconnection of IoT devices opens a number of security threats [6] to the users that can be connected to critical systems [7]. The authors in Ref. [8] have identified the major attacks on fog-based Internet of Things (IoT) applications.

The IoT technology forecast of connected devices is expected to increase by about 300% from 8.7 billion devices in 2020 to more than 25 billion IoT devices in 2030. In 2020, China was leading the IoT applications race with more than 3 billion devices in operation. The prevailing
IoT devices are present in each industrial field and retail market. In particular, the retail market comprises around 60% of the total number of IoT devices in 2020. This allocation is predicted to remain unaltered in the next ten years [9].

Security concerns must be prioritized in order to minimize the attack surface and prevent security issues, since IoT technology is intended to be used in numerous critical sectors, particularly the economy and national security, with varying industry standards and specifications. In addition to cyberattacks, the creation of large-scale heterogeneous networks made up of constrained nodes working in real-time should be based on an architecture that can handle factors like reliability [10], quality of service, modularity, semantic interoperability, privacy management, and compatibility between hardware and software. This article presents a generic IoT architecture, the communication protocols used in an IoT environment and the main threats against availability, integrity and confidentiality. These findings may help developers of Internet of Things (IoT) applications create secure IoT applications that protect their users and make it easier to deploy IoT applications.

The selection of the relevant literature for analysis in this article was based on a keyword search, namely, “IoT Architecture”, “IoT Communication Protocols”, “IoT Security Issues and Concerns”, and “IoT Applications”. Through searches of these specific keywords in various scientific repositories such as IEEE, Springer, Wiley, ACM, Web of Science, and Scopus, the first set of potentially relevant research sources were identified. The search procedure generated a considerable number of findings. In the first step, only the proposed security systems for IoT were selected for the collection. Then, each source collected was ranked based on the following metrics: 1) Reputation, 2) Suitability, 3) Importance of the source, 4) Publication date (between 2015 and 2022), and 5) Highly impactful articles in the field. The higher the global rating, the more the source has been classified in our list. Through the use of this scoring structure, we were able to prioritize the sources.

The contributions and novelty of this article are:

● Examines and describes a generic IoT architecture;
● Presents the main communication protocols that are used in the application, transport, network and physical layer;
● Identifies and describes current security threats in IoT;
● Examines current challenges and discusses possible solutions and future directions;

The rest of this paper is organized as follows: In Section 2, we present the related surveys on the security of the IoT application. In Section 3 we present the generic architecture of IoT and in Section 4 we give an overview of the communication protocols used. Section 5 discusses security issues and concerns and gives a thorough understanding of IoT security threats. In Section 6 we present the main IoT applications. In Section 7 we discuss open security issues and challenges. Finally, Section 8 collects and discusses all the conclusions we draw from the presented research work.

2. Related surveys

Table 1 presents the related studies on security of IoT application. [11] concentrated on the advanced IoT security vulnerabilities and threats by performing an in-depth review of the existing research in the field of IoT safety. The research provides a comprehensive overview of the current security threats in the communication, architecture, and application contexts. This research also provides a comparison of potential security challenges in the IoT. In addition, the study provides a discussion of the current IoT based security environment as well as an overview of the potential threats. The remaining ongoing research problems and the security deployment challenges in IoT safety are also provided. [13] provided a taxonomy review from the view of the three major layers of importance in the IoT system framework: 1) application levels; 2) transport; and 3) perception. [14] gives an overview of the architecture of IoT with the help of Smart World. In the second phase of this paper, the authors discuss the security challenges in IoT followed by the security measures in IoT. Finally, these challenges, which are discussed in the paper, could be research direction for future work in security for IoT.

Table 1
Related studies on security of the internet of things application.
Study | IoT Architecture | Communication Protocols | Security Issues and Concerns | IoT Applications | Challenges

A comprehensive study of authentication technologies for IoT application is presented by Ref. [12]. In particular, more than forty authentication protocols implemented or deployed in the IoT environment are identified and reviewed in depth. The protocols are classified according to the specific IoT target setting: Internet of Sensors (IoS), Internet of Energy (IoE), Internet of Vehicles, and Machine to Machine Communications (M2M). In addition, this paper presents formal security verification techniques, countermeasures, and threat models used in authentication protocols for the IoT. Therefore, [15] studied the reliability of the major IoT platforms; a total of 8 platforms are reviewed. In each platform, they provide details on the proposed infrastructure, the essential elements of third-party smart application development, the supported equipment, and the required security functionalities. The comparison of the safety and security algorithms demonstrates that the identical norms are employed to ensure the security of the connectivity, while various specific methods are used to provide other safety and security characteristics of the IoT frameworks.

[16] presented a comprehensive overview of security issues and threat sources in IoT implementations. Following the discussions of security concerns, a variety of existing and newly available strategies that focus on obtaining a high level of reliability in IoT applications are reviewed and discussed. Four new technologies, namely, machine learning, edge computing, fog computing, and blockchain, that enhance the degree of trust in the IoT are described. [17] categorized the threats and IoT-related security issues for the IoT-enabled networks by reviewing the current defense mechanisms available. The study concentrates primarily on surveys of existing network intrusion detection systems deployment utilities and datasets as well as open and free software for network detection. In addition, it studies, discusses, and evaluates state-of-the-art network intrusion detection systems propositions in the IoT environment in its aspects of architecture, deployment
detection methods, verification approaches, threats addressed, and deployment of algorithms.

[18] introduced the security and privacy research challenges in IoT-based green agriculture. The study begins by providing a four-level description of an IoT-based green agriculture architecture and summarizes available research surveys that address intelligent agriculture. Next, it proposes a categorization of attack models targeting IoT-based green agriculture into five types, including attacks against integrity, availability, confidentiality, authentication, and privacy properties. In addition, the study provides a side-by-side comparison and classification of state-of-the-art approaches to securing and maintaining privacy for IoT technologies. [19] proposed a review paper that comprehensively investigates the current state of the art of blockchain-based IoT security, with a particular focus on the security functionalities, challenges, techniques, applications, and scenarios associated with blockchain-integrated IoT. The importance of blockchain and IoT integration and interoperability are presented.

[20] presented a survey of physical safety and security of IoT devices to focus on emerging technology research opportunities in this field. Then, they provide a discussion of topics such as anti-theft and anti-vandalism designs as well as the design of hardware and software systems, supplemental detection equipment, the use of biometrics and behavioral intelligence, and monitoring methods, among other aspects. In addition, they synthesize the solutions of artificial intelligence for the safety and physical security of IoT devices. [21] provided a very detailed and complete internet of drones cybersecurity and physical security survey. Unlike many investigations that provide a classification of attacks/threats only, the authors also proposed three taxonomies that are associated with (1) countermeasures, (2) attacks, and (3) drone assets.

These available studies are either restricted in coverage or only provide partial coverage of the countermeasures for IoT security. To overcome these limitations, in this paper, we review the fundamentals of IoT with a general approach, by addressing the problems of standard architecture, vulnerabilities, and use cases of this promising technology.

3. A generic IoT architecture

In theory, the term IoT is commonly used to describe the design and implementation of a network that is successfully handling information data within the devices included in it. In practice though, since this network is the Internet, this is something challenging because all of the devices (Smart Sensors, Data Centers, etc.) that are participating must be able to communicate seamlessly with each other, either directly or indirectly (i.e. Gateways), in a secure way. As a result, making all the devices of the Internet compatible is something that requires specific protocols for communication, standard structure, application compatibility, advanced Data Processing capabilities, and many more. Despite their complexity in certain implementations, their elementary operation is quite simple [22].

A smart object transmits data collected by its sensors (physical world) to a data center (either local or cloud-based), or even another smart object through an intermediate (gateway). The use of the gateway is not mandatory as the smart object can potentially work as a gateway too. Then, the data received “on the other side” are handled and multiple actions can be initiated. These actions are the ones that add complexity to the implementation because more interoperability is required to control or monitor an autonomous car, such as to turn on the heater at certain degrees.

Although the IoT technology applies to a vast number of fields and is not standardized in any way, we will address a simple approach by reviewing the basic architecture and the most common protocols invented for this technology [23].

To define a reference architecture that supports current features and future extensions, scalability, interoperability, data distribution, computing power, and of course security, some fundamental factors must be considered regarding the architectural standardization, since several model architectures are described in the literature [24]. For example, in a systematic review of the Internet of Things architecture, examining more than 145 studies and their underlying architectures, we noticed that architectures in reference were mainly three-layer, four-layer or five-layer models, while in another survey the layer classification was applied in three-, four-, five-, six- or seven-layer models [25] (See Fig. 1).

Fig. 1. Elementary IoT structure.

To make things more complicated, international organizations and big tech companies, like the International Telecommunication Union (ITU), the Institute of Electrical and Electronics Engineers (IEEE), Cisco, Google, Amazon, and the European Telecommunications Standards Institute (ETSI), have presented different IoT frameworks based on application requirements, network topology, protocols, business, and service models, as it encompasses a variety of technologies [26].

Since there’s still no single standard reference architecture for IoT and not an easy blueprint that can be followed for all possible implementations, in our approach we chose the 3-layer model that consists of the Perception, Network/Transmission, and Application Layer, in which the layers, in any case, cannot be considered as sub-layers and can fully describe the elementary operations of an IoT implementation [27].

3.1. Perception layer

The Perception or Physical Layer consists of the physical devices, which are the cornerstone of IoT technology, whose purpose is to collect information, transform them into digital data and pass them to another layer so that actions can be done based on that information. Acting as a medium between the digital and real world, these physical devices can be Sensors (Temperature, Humidity, Light, etc.), Actuators (Electric, Mechanical, Hydraulic, etc.), RFID (RFID tags) [28], Video Trackers (IP camera) or anything that can use data to interact with different devices through a network.

The difference between the traditional sensors and the smart sensors used in IoT however is that smart sensors include an integrated microprocessor (DMP), that can process the digitized data captured by the sensor. These data can be normalized, noise filtered, or transformed for the sake of signal conditioning before being forwarded to other devices throughout the network.

3.2. Transmission Layer

The Transmission Layer, which can also be found in the literature as a Transportation or Network layer, is located between the perception and the application layer. In this layer, the data collected by smart sensors are transformed and forwarded to the Application Layer using suitable communication channels and protocols for further processing, like
analysis, data mining, data aggregation, and data encoding, while providing network management functionality and not only a basic packet routing as the network layer of the ISO/OSI model does.

In IoT implementations, wireless protocols are more commonly used compared to wired ones, since wireless sensors can be installed even in places that lack the main requisites for wired sensors like power, communication cabling, etc. Moreover, in a wireless sensor network, it is easier for nodes to be added, removed, or relocated without reconsidering the structure of the entire network. The selection of protocols to be used can be based on several factors like hardware heterogeneity, power consumption, transmission speed, and the transmission distance needed in each application, among many others.

In other implementations, however, a wired sensor network is preferred since these networks are more reliable, more secure, and offer higher transmission data speeds. For example, in IoT implementations in a hospital, where reliability and speed are major factors for saving a patient’s life, wired sensors are preferable and the requisites for their installation can be planned during the hospital’s initial design (wiring, power delivery cables, etc.).

In general, smart sensors must be able to communicate with each other through the Internet to handle information and interact with the physical world, while being uniquely identified to prevent data conflicts. Depending on the specific applications, smart objects can be directly reachable without the need of an intermediary gateway, implement a UI making user interaction possible and many more.

between both types of connections are power, range, and CPU power used. IP connections are complex and require increased power and memory, but there are no range limitations. Bluetooth connections, on the other hand, are simple and require less power and memory, but the range is limited.

Single devices like smartphones and personal computers use network protocols for communication; however, general protocols used by these devices might not meet specific requirements like bandwidth, latency, and cover distance of IoT-based solutions. Although IoT devices are easy to deploy, their communication protocols are the ones that must bridge the lack of processing power, range, and reliability with existing internet infrastructure. Since the existing protocols are not meeting the criteria for IoT implementation (Wi-Fi 802.11 a/b/g/n/ac, etc.), we will review some new IoT protocols created for IoT application requirements.

Since power consumption is an important factor when designing IoT networks, low-power wireless network technologies are preferable. These technologies generally fall into two groups.

● Low Power Wide Area Networking (LPWAN) that provides an extended range up to several kilometers, but with limited data rates for most (e.g., 6LoWPAN, LoRaWAN, Sigfox, NB-IoT, Wi-Fi HaLow™);
● Wireless Personal Area Networking (WPAN) technologies, with a range of up to 100 m and data rates up to 250 kbps for Zigbee and up to 3 Mbit/s for Bluetooth Low Energy.
networks [30].

Communication in IoT technologies covers both wired and wireless connections. Depending on the connection type, communication protocols, in a 4-layer network, are described per layer in the sequel.

Five different protocols are described below for the application layer: the MQTT, the CoAP, the REST, the XMPP, and the AMQP. Inherent security-related features and problems are also discussed.

4.3.1. MQTT

The Message Queuing Telemetry Transport (MQTT) protocol is a messaging protocol for publishing and subscribing that works on the very simple client/server model, and runs over TCP/IP or other protocols. It is more suitable for constrained environments, such as in IoT, because it is open, lightweight, and easily implementable. Security requirements that should be fulfilled in MQTT implementations are authentication, authorization, and secure communication. In critical infrastructures and applications with sensitive information, MQTT can work and offer advanced security services with the use of specific recommended features.

4.3.2. CoAP

The Constrained Application Protocol (CoAP) is defined as a specialized web transfer protocol in RFC 7252. It is a lightweight protocol, with low transmission rate, proposed for use with constrained nodes and constrained networks, and its name is designated by this. The design is appropriate for machine-to-machine (M2M) applications such as supply chain management and smart meters for tracking energy consumption. It can interface with HTTP very well, which facilitates integration with the Web. But the CoAP is not a secure protocol, and this is a serious disadvantage. Security is achieved with the Datagram Transport Layer Security (DTLS), defined in Ref. [31], which unfortunately has no wide use in IoT.

4.3.3. REST

The Representational State Transfer (REST) is a hybrid architectural style for distributed hypermedia systems introduced by Fielding in Ref. [32]. It includes a set of rules that describe the software engineering guiding principles to build an application with certain constraints. It is used for the construction of web services, also called RESTful. REST includes a) the client-server constraint, b) the stateless constraint, which achieves visibility, reliability, and scalability, c) the cache constraint, which improves network efficiency, d) a set of four constraints for a uniform interface between components, e) layered system constraints, and f) the code-on-demand optional constraint.

4.3.4. XMPP

The Extensible Messaging and Presence Protocol (XMPP) is an open XML technology for real-time communication. It is used for instant messaging, presence, and collaboration. Presence specifies that an entity is ready for messaging. Messaging uses an efficient push mechanism that ensures real-time capability. The open design of XMPP facilitates changes and allows its extensible feature, which complies with an IoT implementation. A significant number of CVE codes have been recently added in NVD databases maintained by NIST, related to known vulnerabilities of XMPP that permit a series of attacks to take place.

4.3.5. AMQP

The Advanced Message Queuing Protocol (AMQP) is an open standard suitable for business messaging between applications, which operates asynchronously across different organizations and platforms. It is a wire-level protocol that allows reliable business messaging. Some of the main characteristics included in AMQP’s design aim at ensuring security, reliability, and interoperability. It was approved for release as an ISO and IEC International Standard in 2014 and it comprises several layers. The lowest level is for transporting messages between two processes, and the messaging layer defines the standard encoding format every message should have.

A considerable number of protocols are commonly used at the transport layer, as described in the following paragraphs.

4.4.1. TCP

The Transmission Control Protocol (TCP) is a connection-oriented reliable protocol that operates in three phases. It belongs to the internet protocol suite and it is widely used for connections between devices. The great packet overhead generated ranks it in the heavyweight protocols category, with large power consumption.

4.4.2. UDP

The User Datagram Protocol (UDP) is a connectionless lightweight protocol, which can be used when packet loss is acceptable during data transmission. It is preferable for communication in Wireless Sensor Networks, but is not reliable. It is not required to establish a connection before transferring data.

4.4.3. DCCP

The Datagram Congestion Control Protocol (DCCP) is a transport protocol for bidirectional unicast connections. It is used for applications such as streaming media and VoIP, where TCP is not able to control time delays and commit reliable in-order delivery. On the other hand, UDP applications are able to control delays, but DCCP has an embedded congestion control mechanism to avoid them.

4.4.4. SCTP

The Stream Control Transmission Protocol (SCTP) is a reliable transport protocol for PSTN signaling of messages transmitted over IP. It has been designed to resist masquerade attacks and to avoid flooding attacks.

4.4.5. RSVP

The Resource Reservation Protocol (RSVP) is a protocol for specific QoS requests applied by hosts and delivered by routers to nodes in order to ensure and provide the requested service. The result is resource reservation along the data stream paths.

4.4.6. TLS

Transport Layer Security (TLS) is a protocol used over the internet to provide secure communication between client/server applications. The use of cryptographic algorithms prevents data interception, forgery and message alterations. Version 1.3 has been valid since 2018.

4.4.7. DTLS

The Datagram Transport Layer Security (DTLS) is based on the TLS protocol, which cannot be directly used in datagram environments because of packet loss and packet reordering problems. Thus, the DTLS is the TLS with the required alterations that fix these problems and enhance reliability.

4.4.8. RPL

The RPL is an IPv6 Routing Protocol designed for Low-Power and Lossy Networks (LLNs), a class of networks with memory, processing power, and energy constraints. It uses the Destination Oriented Directed Acyclic Graph (DODAG) for data routing, and because it is based on the IPv6 standard it is preferable for IoT applications.

4.4.9. CARP

The Channel-Aware Routing Protocol (CARP) is a distributed cross-
layer protocol developed for underwater Wireless Sensor Networks for multi-hop delivery of data to the sink.

4.4.10. CORPL

The Cognitive RPL (CORPL) is an extension of RPL protocol for cognitive networks, which also uses DODAG adapted properly to cognitive networks.

4.4.11. QUIC

The Quick UDP Internet Connections (QUIC) is a connection-oriented protocol between two endpoints that exchange UDP datagrams. It provides low-latency connections and ensures confidentiality, integrity, and availability by incorporating security measures. This makes QUIC as secure as the TLS protocol.

4.4.12. uIP

The uIP TCP/IP stack achieves communications using the TCP/IP protocol suite on very small micro-controllers, even 8-bit small. It is a very small implementation of TCP/IP stack, written as simply as possible in the C programming language. The code requires a few KB and the RAM is extremely limited. Its design includes a minimal set of features required by a complete TCP/IP stack and contains the IP, the ICMP, the UDP, and the TCP protocols. The peers of uIP can also run a lightweight stack.

4.5.2. Bluetooth

Bluetooth Low Energy (LE) radio is preferable for IoT implementation because it is designed to operate at very low power. It is able to transmit data over a large number of channels, offering the necessary openness to be implemented in multiple different communication topologies, from point-to-point to broadcast and to mesh topologies, and next to large-scale wireless device networks. In addition, it provides device positioning services with high accuracy. It is widely used because it is perfect for the most modern mobile devices, such as wearables and smartphones, which have been spread worldwide.

4.5.3. ZigBee

ZigBee is a protocol with analogous significant usage as Bluetooth in IoT infrastructures. It covers advanced security requirements, with low power consumption, low data range, and up to 200 m communication range, which is twice that of Bluetooth. Suitable for sensors and devices with several constraints, it facilitates the construction of large IoT models with numerous nodes.

4.5.4. Z-wave

Z-Wave is a wireless protocol designed for home automation. It operates on its own radio frequency range, which mitigates interference problems.
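
The three MQTT requirements named in Section 4.3.1 (authentication, authorization, secure communication) can be checked mechanically against a broker's configuration. The following is an added example, not code from the paper: it assumes a Mosquitto-style configuration file (the paper names no broker), and the function names and both sample configurations are constructed for illustration.

```python
# Added example (not from the paper): audit a Mosquitto-style broker config
# for the three MQTT requirements named in Section 4.3.1. The broker choice,
# function names and both sample configs are assumptions made for illustration.
# Authentication plugins are not modelled; only passwords and client certs.

# Options that belong to the listener they follow; everything else is global.
TLS_KEYS = {"cafile", "capath", "certfile", "keyfile",
            "require_certificate", "psk_hint", "tls_version"}

WEAK_CONF = """\
# constructed sample: plaintext listener, anonymous clients accepted
listener 1883
allow_anonymous true
"""

HARDENED_CONF = """\
# constructed sample: TLS listener, client certificates, passwords, ACLs
listener 8883
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/server.crt
keyfile /etc/mosquitto/server.key
require_certificate true
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl
"""


def parse(conf_text):
    """Split a config into global settings and a list of listener dicts."""
    settings, listeners, current = {}, [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "listener":
            current = {"port": value.split()[0] if value else "?"}
            listeners.append(current)
        elif key in TLS_KEYS and current is not None:
            current[key] = value
        else:
            settings[key] = value
    return settings, listeners


def audit(conf_text):
    """Return a list of (requirement, finding) tuples; empty means no finding."""
    settings, listeners = parse(conf_text)
    findings = []

    # Authentication: clients must prove identity by password or certificate.
    cert_auth = bool(listeners) and all(
        l.get("require_certificate") == "true" for l in listeners)
    if settings.get("allow_anonymous") == "true":
        findings.append(("authentication", "allow_anonymous is true"))
    elif "password_file" not in settings and not cert_auth:
        findings.append(("authentication",
                         "no password_file and client certificates not required"))

    # Authorization: topic access should be limited per client.
    if "acl_file" not in settings:
        findings.append(("authorization", "no acl_file configured"))

    # Secure communication: every listener needs TLS (certificate or PSK).
    if not listeners:
        findings.append(("secure communication", "no TLS listener defined"))
    for l in listeners:
        has_cert = "certfile" in l and "keyfile" in l
        if not (has_cert or "psk_hint" in l):
            findings.append(("secure communication",
                             "listener %s has no TLS settings" % l["port"]))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

A hardened file that later gains a second, plaintext `listener 1883` line is reported for that listener only, which is the regression this kind of check is meant to catch.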
5.1. Perception layer

The most important threats that endanger the Perception Layer have been selected and described in the sequel.

● Eavesdropping: IoT Devices are vulnerable to Eavesdropping Attacks because they lack the processing power for encryption techniques, in contrast to non-IoT network devices. Additionally, if the devices are operating in a remote location with minimum or no physical

Table 3 presents the attack types identified at the Perception Layer in IoT systems as the most significant. The targets of these attacks are the devices, a node, the whole network, or information transferred during an authentication procedure [47]. The weaknesses of the devices, systems, or protocols that facilitate them are mainly located in the power limitations devices have, in inherent problematic issues in protocols or the IoT infrastructure and construction itself. The last column of the table proposes any countermeasures to prevent or detect such attacks, avoid the consequences and mitigate the damage spread.
Fig. 3. Attack Types that affect confidentiality, integrity, and availability in a 3-layer IoT architecture.
Table 4
Attack surface at the network layer in IoT systems.

Attack | Target | Weakness | Countermeasure
DoS Attack | Devices or Network Resources | Vulnerable Protocols. | Detection Mechanisms [54]
IP Fragmentation Attacks | Network’s MTU | Vulnerable Protocols. | Detection Mechanisms [55]
Man in The Middle Attacks | Communication Data | Vulnerable Protocols. | E2E encryption [41]
Storage Attacks | Data Stored on Storage Devices | No Encryption. | Lightweight Encryption Algorithms [56]
Exploit Attacks | System and Information Stored | Application, System, and Hardware Vulnerabilities. | Application and System Upgrade, Hardware Replacement [57]
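
Table 4 lists detection mechanisms as the countermeasure for IP fragmentation attacks. The following is an added example, not code from the survey or from Ref. [55], of one such check run over IPv4 fragment metadata at a gateway. The field names, the sample records and the 20-byte first-fragment threshold are assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

MAX_DATAGRAM = 65535     # IPv4 Total Length is a 16-bit field
IP_HEADER = 20           # assumed: headers without options
MIN_TCP_FIRST = 20       # assumed policy: first fragment must carry a whole TCP header


@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    proto: int       # 6 = TCP, 17 = UDP, 1 = ICMP
    ident: int       # IPv4 Identification field
    offset: int      # Fragment Offset field, in 8-byte units
    length: int      # payload bytes carried by this fragment
    more: bool       # MF (more fragments) flag

    @property
    def start(self) -> int:
        return self.offset * 8

    @property
    def end(self) -> int:
        return self.start + self.length


def analyse(fragments):
    """Group fragments into trains and return {train_key: [findings]} for suspicious ones."""
    trains = defaultdict(set)          # a set drops exact retransmissions
    for frag in fragments:
        trains[(frag.src, frag.dst, frag.proto, frag.ident)].add(frag)

    report = {}
    for key, frags in trains.items():
        findings = set()
        covered = 0                    # highest payload byte seen so far
        for frag in sorted(frags, key=lambda f: (f.start, f.end)):
            if frag.more and frag.length % 8:
                findings.add("misaligned")        # non-final fragments must be multiples of 8
            if frag.start == 0 and frag.more and frag.proto == 6 and frag.length < MIN_TCP_FIRST:
                findings.add("tiny-first-fragment")
            if frag.start < covered:
                findings.add("overlap")           # rewrites bytes already received
            elif frag.start > covered:
                findings.add("gap")               # hole in the reassembly buffer
            covered = max(covered, frag.end)
        if IP_HEADER + covered > MAX_DATAGRAM:
            findings.add("oversize")              # cannot be a legal IPv4 datagram
        if all(frag.more for frag in frags):
            findings.add("no-final-fragment")     # train holds buffer space until timeout
        if findings:
            report[key] = sorted(findings)
    return report


# Constructed sample records (documentation addresses, not captured traffic).
SAMPLE = [
    # benign 3480-byte UDP payload split for a 1500-byte MTU
    Fragment("192.0.2.10", "192.0.2.1", 17, 100, 0, 1480, True),
    Fragment("192.0.2.10", "192.0.2.1", 17, 100, 185, 1480, True),
    Fragment("192.0.2.10", "192.0.2.1", 17, 100, 370, 520, False),
    # second fragment starts inside the first one
    Fragment("192.0.2.20", "192.0.2.1", 17, 200, 0, 32, True),
    Fragment("192.0.2.20", "192.0.2.1", 17, 200, 3, 16, False),
    # final fragment would push the reassembled datagram past 65535 bytes
    Fragment("192.0.2.30", "192.0.2.1", 1, 300, 8189, 1480, False),
    # TCP first fragment too small to hold the TCP header
    Fragment("192.0.2.40", "192.0.2.1", 6, 400, 0, 8, True),
    Fragment("192.0.2.40", "192.0.2.1", 6, 400, 1, 40, False),
    # train whose final fragment never arrives
    Fragment("192.0.2.50", "192.0.2.1", 17, 500, 0, 1480, True),
]

if __name__ == "__main__":
    for key, findings in analyse(SAMPLE).items():
        print(key, findings)
```

On live traffic the "gap" and "no-final-fragment" findings are only meaningful once the reassembly timeout for a train has passed, so a deployment would evaluate each train when its timer expires rather than per packet.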
weaknesses are now located in the protocols, as well as in applications, or even the hardware. The last column of the table proposes some countermeasures to prevent or detect these attacks, and advance security.

5.3. Application layer

The Application Layer is more prone to security issues compared to the other two layers, due to its diversity. The Application Layer consists of the applications and software built for IoT implementations and since these are countless, so are the applications built for them. For example, when IoT is used for Smart Home applications, the threats and vulnerabilities may come from every application with access to the hardware used either from the inside (control center or even our mobile app) or outside (remote applications).

Some of the most common security threats of the Application Layer in IoT are:

● Cross Site Scripting: In Cross Site Scripting attacks the adversary injects malicious code scripts, such as JavaScript, in a trusted domain site viewed by many other users. With this action, the adversary can alter the contents of an application according to his purposes and use original information in a malicious way [58].
● Malicious Code Attack: Every piece of software is built with code, and so is malicious software. Trojans, Viruses, Worms, and Backdoors are all malicious code intended to cause undesired effects to the system’s operations [59]. Usually, these types of attacks cannot be blocked or exposed with anti-virus software and can activate themselves either when certain criteria are met or after user interaction (i.e., opening a file).
● Cinderella Attacks: These attacks can occur when a malicious user gains access to a system and changes the internal clock of the network. This action leads to false premature expiration of the security software (i.e., antivirus), making it useless and thus increasing the network’s vulnerabilities [60].
● Big Data Handling: Large IoT networks with many interacting devices create a massive amount of data. If the hardware used in the network cannot process the data according to present or future requirements, it can lead to network disturbance and data losses [18].

Table 5 presents the attack types identified at the Application Layer in IoT systems as the most crucial. The targets of these attacks are the applications and the software in general. The weaknesses are located in applications and the system. The countermeasures proposed in the last column of the table are all aimed at the detection of these attacks, as prevention mechanisms have failed to stop them and thus they occur [63].

Table 5
Attack surface at the application layer in IoT systems.

Attack | Target | Weakness | Countermeasure
Cross Site Scripting | Application | Application and System Vulnerabilities. | Detection Mechanisms [61]
Malicious Code Attack | Application and System | Application and System Vulnerabilities. | Detection Mechanisms [62]
Cinderella Attacks | Security Software | System Vulnerabilities. | Detection Mechanisms [54]
Big Data Handling | System | System Vulnerabilities. | Detection Mechanisms [54]

5.4. Cross-layer attacks

Apart from the aforementioned, cross-layer attacks are also a threat to IoT systems. As stated in Ref. [64], a cross-layer attack that combines vulnerabilities across multiple network protocol layers can cause more damage as compared to a single-layer attack. Several scholars have investigated cross-layer attacks. Radosavac and Benammar introduced DoS (Denial of Service) attacks in wireless ad hoc networks that disseminate from MAC to the network layer, causing interruption in critical routes [65]. Wang and Yan [66] study coordinated attacks by reporting false sensed data attacks (RFSD) at the PHY layer. Recently, [64] proposed the Rank Manipulation and Drop Delay (RMDD) cross-layer attack in IoT, and looked into how a low-intensity attack on the routing protocol for low power lossy networks (RPL) reduces application throughput.

5.5. Countermeasures

In the previous section, we presented a plethora of attacks that can be materialized either in one or several layers affecting the proper operation of the applications supported by an IoT. These applications cover all critical and everyday aspects of the life of citizens in a modern city and demand cybersecurity solutions that can make these applications trustful, stable, and safe. Security solutions can be divided into three main categories: software, hardware, and organizational/procedural measures.

Every architecture that incorporates IoT solutions should start with the adoption of internationally accepted security standards within organizations, particularly those that deal with critical operations like health care or energy. The use of security tools for both prevention and investigation, such as firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS), and anti-virus and malware programs should also be included where needed. The implementation of measures for forensics, patching and upgrading, physical security, access control, and authentication are also important. Finally, the improvement of incident response capabilities should always be a priority for all modern digital systems.

Especially for IoT the solutions should include lightweight encryption algorithms, distributed detection mechanisms, federated learning, adversarial learning methods, and advanced authentication of both devices and users [67]. As stated in Ref. [68], due to the heterogeneity, scalability, and dynamic nature of the Internet of Things, conventional cybersecurity cryptography such as AES (Advanced Encryption Standard), RSA (Rivest–Shamir–Adleman), DES (Data Encryption Standard), Blowfish, and RC6 cannot be immediately utilized in these domains. Solutions like the ones proposed in Refs. [56,69] are good examples of such solutions.

Regarding detection mechanisms that could be used for reporting abnormal operation of an IoT system, several solutions were recently introduced. Ref. [54] proposed a federated learning-based intrusion detection system for the protection of agricultural-IoT infrastructures called FELIDS
that can both protect the privacy of IoT devices data and achieve high accuracy against several attacks. This model has not been tested against adversarial attacks, something that was extensively researched by Ref. [70] using various adversarial attack strategies.

6. IoT applications

As mentioned above, IoT systems could be deployed to support endless applications. Basically, “anything” can be turned into an IoT device that can interconnect with other devices on a network boosting productivity, safety, and cost reduction. However, we will address some of the areas that IoT would reinvent, providing unimaginable capabilities never thought of before.

6.1. Agricultural

IoT implementations can improve different parts of the agro-industrial industry, like soil state and environmental conditions evaluation (Oxygen, Hydration, temperature, CO2), biomass consistency, and more, but also to adjust variables during the production or transportation phase. Another implementation is to keep track of and predict a product’s inventory on shelves or even inside refrigerators while processing valuable analytics. Moreover, it can provide reliable information to the end user about the originality and ingredients of the product and promote an informed, connected, developed, and adaptable rural community. In summary, IoT in Agriculture can literally reinvent the industry in the years to come affecting farmers, suppliers, technicians, distributors, businessmen, consumers, and government representatives [71].

6.2. Health care

IoT, in conjunction with real-time connected objects, can play a significant role in preventing serious illnesses and reducing healthcare costs [72]. Moreover, the implementation has a long-term impact on the health monitoring, administration, and clinical service to patients’ physiological information. The basic concept consists of patients connected with sensors and the data are forwarded to the health-monitoring unit. Sometimes data are stored in the cloud, which helps to manage the amount of data with safety [73].

An IoT implementation coupled with machine learning can be used for the early detection of heart diseases [74] or arthritis. This type of implementation consists of wearable devices for collecting sensor data, a cloud center for storing the data, and a regression-based prediction model for heart diseases and arthritis.

Each year, millions of people over 65 years old fall. An IoT implementation with a simple detection algorithm can be used to detect people who fall in specific areas. These areas will contain RFID information and location identification data that can be used to provide alerts to hospitals and family members thus preventing a possible life loss [75].

The IoT-based healthcare system can provide ways to collect data from cancer patients and monitor them in real time for long periods while using a variety of sensors and communication protocols. The use of a network of sensors and suitable communication protocols allows us to have smart devices which can transmit data remotely through different servers from one end to the other. It can become quite easy for patients and the specialized medical staff, such as oncologists, to monitor and analyze the health condition of cancer patients, which is especially beneficial for those with deteriorating health situations.

During a pandemic, like COVID-19, IoT can be used to monitor quarantined and high-risk patients by using the internet and a smart sensor or a mobile phone [76]. Moreover, tracking the location of medical equipment in real-time can improve treatment process speed while providing procedure transparency.

6.3. Environmental applications

As ESG (Environmental-Social-Governance) is a common tool worldwide for new technology evaluation, environmental IoT applications can be considered important. Real-time maps with air and water pollution, pandemic data, noise levels, temperature, and harmful radiation, can now become a reality with the use of smart sensors. Besides that, IoT is capable of collecting and storing environmental records, checking the compliance of environmental variables with local policies, triggering alerts, or sending recommendation messages to citizens and authorities. These data can be used by governments and organizations as inputs for predictive models to forecast environmental variables and track pollution sources over time and space, ultimately leading to faster and better decisions to ensure a safe and healthy environment for all citizens [71].

6.4. Maritime industry

Ships and vessels are lacking many of the technologies that are used onshore, due to the open sea environment (absence of steady internet coverage, equipment more prone to defects, etc.). Since many on-board departments need to cooperate, real-time information on board is crucial. The maintenance department could monitor shipboard equipment in real time to deal proactively with maintenance, by monitoring shipboard equipment and machinery enhanced with IoT technology, to discover issues and prevent potential failures. In addition, since fuel represents about 55% of total ship operating costs, smart sensors and monitoring equipment on-board can track the ship’s performance and report back to the headquarters on shore, which in turn can support the ship master and chief engineer with guidance when planning the most fuel-efficient route. Finally, identifying optimal speed, current, and upcoming weather conditions and engine configuration will potentially save significant amounts of fuel while minimizing CO2 emissions [77].

6.5. Military

The capabilities of an IoT system besides wealth creation, productivity, and security can also be used in the Military. Many Countries worldwide are already trying to promote Military and Defense Applications through IoT implementations in order to overcome various warfare and battlefield challenges. In this case, we have the “Internet of Military Things” (IoMT) which is a class of IoT applications for Intelligent warfare and modern combat operations. By creating a miniature ecosystem of smart technology capable of distilling sensory information and autonomously governing multiple tasks at once, the IoMT is conceptually designed to offload much of the physical and mental burden that warfighters encounter in field combat. Use cases like real-time Health monitoring, Augmented reality training, superior Fleet management, Target recognition, and Battlefield awareness are only a few of the capabilities provided by an IoT implementation.

6.6. Smart cities

IoT applications in a city are unimaginable and include everything from energy management, smart lighting, and intelligent traffic management to water treatment and wastewater management or evacuation guidelines in case of an emergency. In a machine-to-human approach, data from sensors in traffic lights can be used by the central authority to adjust traffic flow. In a machine-to-machine approach, intelligent traffic systems (i.e., smart traffic lights, traffic cameras, and a cloud data center) can monitor traffic and public transportation to calculate possible upcoming congestion with the use of A.I. and prevent it by adjusting traffic flow. IoT sensors in streetlights could also adjust not only power states (ON/OFF) but also brightness depending on real light conditions (i.e., from dusk till dawn). Considering the number of streetlights that can be found in a city, these few watts from every streetlight add up, making the savings and environmental impact worthy. Moreover, those
same sensors can also alert if light needs servicing, reducing repair tickets and saving time for the service department [78].

A Smart Campus is a similar case, because we can assume it is a miniature of a Smart City with a more demanding framework that enables learning, social interaction, and creativity. Monitoring a smart campus with a robust surveillance system is essential to ensure its uninterruptible secure operation. Security-relevant findings for the construction of such monitoring systems are provided by the survey in Ref. [79].

6.7. Transportation and logistics

Transportation and logistics are industries that already reap the benefits of IoT systems from a variety of applications. However, IoT could inform, in real-time, all kinds of fleets (cars, trucks, ships, trains, etc.) that carry goods, to reroute based on traffic, upcoming weather conditions, and vehicle or driver availability, thanks to IoT sensor data. The inventory itself could also be equipped with sensors for tracking and temperature-control monitoring, as many industries like food and beverage, flower, and pharmaceutical often carry temperature-sensitive products. In this case, alerts can be sent when temperatures change to a level that threatens the product. Furthermore, blockchain technologies can be used to ensure that the information about the transportation of goods has not been altered [45].

6.8. Smart grid

Energy grids were always designed to deliver electricity from large power stations powered by coal, nuclear, etc. to a wide network of homes and businesses. Until now, the electric grid could not accept power contributions from houses and businesses that are harvesting power via renewable sources (solar panels, windmills, etc.). A smart grid, though, is capable of accepting power from decentralized mini power stations like a house with solar panels and, when coupled with wireless smart meters, can monitor how much energy a net-positive establishment is generating and reimburse them accordingly. Besides smart meters, every piece of equipment can connect to the grid as well, enhancing its utilization. For example, data from weather stations could inform the grid that in upcoming cloudy weather the solar panels will stop contributing power, hence the grid should adapt to this parameter [80].

7. Challenges

Nowadays, numerous IoT devices are interacting through networks to provide the user with the required information. However, addressing IoT implementations is not that easy, since besides security, many challenges arise, and in the next sections we will briefly describe some of the key challenges [81].

As mentioned above, standardization is necessary because, without established regulations, precise guidelines, and worldwide standards, the industry will eventually face serious incompatibilities from unregulated IoT expansion, whose impacts on different sectors are more difficult to track and examine. In addition, many IoT devices are handling unstructured data that are stored in various types of databases (NoSQL etc.) with different querying approaches, creating incompatibilities between systems. Since the number of end users keeps rising along with the extensive use of IoT devices in many sectors, a new attack vector arises. Similar attack methods have led to increased acceptance of the need for regulation, legislation, stronger protection measures, and more strict controls for devices that authenticate on the Internet [3].

7.2. Integration

In communication networks, device integration is highly affected by the lack of effective standards and IoT is no exception. Since “traditional” communication interoperability is challenging due to the wide range of available technologies making it hard to communicate seamlessly between multi-vendor devices, IoT communication interoperability is more difficult to implement due to different programming languages and an enormous number of different components utilized in the IoT hardware development. With these types of incompatibilities, the reliability of a network is dramatically decreased making communication unstable. These issues have led the market to propose certain solutions like standardization of protocols, but these solutions leave behind many incompatible hardware devices.

7.3. Privacy

Since connected devices around the world are increasing exponentially, adversaries now have many more potential entry points into a network. In simple terms, for every new IoT device connected to a network the attack surface increases because an adversary now has many more devices prone to hacking thus exposing the whole network’s safety. Additionally, the ability to collect and distribute data and information to another device or network autonomously is also a disadvantage since the data could be sensitive but certainly will be vulnerable. For example, there are IoT devices that require users to agree to terms and conditions of service before interacting with them. These types of agreements can expose users’ data making them vulnerable to attack. Therefore, strategies need to be developed to handle people’s privacy options across a broad spectrum of expectations. Since ease of use and security are “enemies”, the industry must figure out a solution that promotes technological innovation and services while avoiding putting sensitive private data and information in danger.

7.4. Regulation

Due to the diversity in the implementations of IoT technology and the legal scope that regulates IoT devices, there have been numerous dilemmas with reference to the regulations and laws that apply, leaving users unsure whether certain actions are prohibited or not in each jurisdiction [82]. Some of the legal questions that have arisen with regard to the use of IoT devices include data retention and destruction policies, legal liability for unintended uses of IoT devices, security breaches or privacy lapses, to name just a few [83]. Additionally, global regulation, for instance, rules, processes, protocols, audits, transparency, and continuity, is thus far absent in the IoT sphere, as a result of the nonexistent legislation applied in general in the IoT field. Such regulations in the industrial, national, and international spheres could be remarkably beneficial in assisting organizations to become more efficient and reliable as far as systems are concerned and contribute to the lessening of errors in the future [84].

IoT devices have to successfully resist a challenge to their own energy efficiency. Small or tiny ones usually base their operation and effectiveness on a battery’s capacity and well-charging capabilities with the required periodical services. Software is responsible for controlling and checking the energy requirements, and for optimizing energy consumption as an ongoing task. But hardware does not make energy consumption visible to the software, and thus the software fails to perform certain checks properly. The device then might discontinue its operation due to energy exhaustion. Energy transparency between software development and hardware is a promising proposal in Ref. [85]. Transparency is achieved by creating a bridge between hardware and software, which will facilitate the interoperability between them and will ensure the
energy consumption estimation for the continuous functioning of a device.

7.6. Hardware

The emerging technology of IoT hardware has many different challenging perspectives. Several types of sensors for temperature, light, or humidity, various smart wearables for head, arm, or feet, and standard devices, such as tablets and smartphones, each impose a set of requirements that need to be fulfilled, and all construct and assemble an IoT infrastructure. In addition, hardware-level security concerns [86] were raised due to this diversity and the necessity to absorb it under the umbrella of a secure application.

7.7. Cost

It is hard to separate a challenge from the above list from the cost factor. Standardization suppresses incompatibilities, lack of device integration reduces network reliability, data privacy requires advanced security strategies, a global legislation framework will promote the reliability of IoT systems, energy exhaustion affects the operation, and hardware diversification all directly or indirectly influence and determine cost. Consequently, organizations with IoT infrastructures confront a sequence of challenges, including cost evaluation [87], to ensure beneficial results when taking critical decisions.

8. Conclusions

With the advance of low-cost computing, cloud services, big data technologies, analytics, and mobile technologies, small-size physical devices forming a network can collect and exchange data without human intervention. In this hyperconnected environment, every node can record, monitor, and adjust each interaction between connected things. This promising technology threatens users’ privacy and security in the different environments under which it is deployed. For this reason, solutions to threat detection, intrusion, compromise or misuse in the IoT domain should be developed, and generally agreed-upon standards and security regulations are necessary for the industry to thrive. Since the advantages of the technology are not questionable, governments and engineers must unite their powers and overcome the challenges to make IoT networks be viewed as traditional networks making the term Internet of Everything valid.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References

[1] A. Rayes, S. Salam, Internet of Things from Hype to Reality, Springer, 2017.
[2] I. Lee, K. Lee, The internet of things (iot): applications, investments, and challenges for enterprises, Bus. Horiz. 58 (2015) 431–440.
[3] M.A. Ferrag, L. Maglaras, A. Derhab, Authentication and Authorization for Mobile Iot Devices Using Biofeatures: Recent Advances and Future Trends, Security and Communication Networks, 2019, 2019.
[4] S. Khan, K.A. Shakil, M. Alam, Internet of Things (IoT): Concepts and Applications, Springer, 2020.
[5] J. Wang, M.K. Lim, C. Wang, M.L. Tseng, The evolution of the internet of things (iot) over the past 20 years, Comput. Ind. Eng. 155 (2021), 107174.
[6] M.A. Ferrag, L. Maglaras, A. Ahmim, M. Derdour, H. Janicke, Rdtids: rules and decision tree-based intrusion detection system for internet-of-things networks, Future Internet 12 (2020a) 44.
[7] L. Maglaras, M.A. Ferrag, A. Derhab, M. Mukherjee, H. Janicke, S. Rallis, Threats, Protection and Attribution of Cyber Attacks on Critical Infrastructures, 2019 arXiv preprint arXiv:1901.03899.
[8] M. Mukherjee, M.A. Ferrag, L. Maglaras, A. Derhab, M. Aazam, Security and privacy issues and solutions for fog. Fog and fogonomics: challenges and practices of fog computing, Commun. Netw. Strat. Econ. (2020) 353–374.
[9] S. Al-Sarawi, M. Anbar, R. Abdullah, A.B. Al Hawari, Internet of things market analysis forecasts, 2020–2030, in: 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4), IEEE, 2020, pp. 449–453.
[10] L.A. Maglaras, M.A. Ferrag, H. Janicke, N. Ayres, L. Tassiulas, Reliability, security, and privacy in power grids, Computer 55 (2022b) 85–88.
[11] F.A. Alaba, M. Othman, I.A.T. Hashem, F. Alotaibi, Internet of things security: a survey, J. Netw. Comput. Appl. 88 (2017) 10–28.
[12] M.A. Ferrag, L.A. Maglaras, H. Janicke, J. Jiang, L. Shu, Authentication Protocols for Internet of Things: a Comprehensive Survey. Security and Communication Networks 2017, 2017.
[13] M. Frustaci, P. Pace, G. Aloi, G. Fortino, Evaluating critical security issues of the iot world: present and future challenges, IEEE Internet Things J. 5 (2017) 2483–2495.
[14] S. Vashi, J. Ram, J. Modi, S. Verma, C. Prakash, Internet of things (iot): a vision, architectural elements, and security issues, in: 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC), IEEE, 2017, pp. 492–496.
[15] M. Ammar, G. Russello, B. Crispo, Internet of things: a survey on the security of iot frameworks, J. Inf. Secur. Appl. 38 (2018) 8–27.
[16] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, B. Sikdar, A survey on iot security: application areas, security threats, and solution architectures, IEEE Access 7 (2019) 82721–82743.
[17] N. Chaabouni, M. Mosbah, A. Zemmari, C. Sauvignac, P. Faruki, Network intrusion detection for iot security based on learning techniques, IEEE Commun. Surv. Tutor. 21 (2019) 2671–2701.
[18] M.A. Ferrag, L. Shu, X. Yang, A. Derhab, L. Maglaras, Security and privacy for green iot-based agriculture: review, blockchain solutions, and challenges, IEEE Access 8 (2020b) 32031–32053.
[19] L. Da Xu, Y. Lu, L. Li, Embedding blockchain technology into iot for security: a survey, IEEE Internet Things J. 8 (2021) 10452–10473.
[20] X. Yang, L. Shu, Y. Liu, G.P. Hancke, M.A. Ferrag, K. Huang, Physical security and safety of iot equipment: a survey of recent advances and opportunities, IEEE Trans. Ind. Inf. 18 (2022) 4319–4330.
[21] A. Derhab, O. Cheikhrouhou, A. Allouch, A. Koubaa, B. Qureshi, M.A. Ferrag, L. Maglaras, F.A. Khan, Internet of drones security: taxonomies, open issues, and future directions, Veh. Commun. (2022), 100552.
[22] A. Chaudhary, S.K. Peddoju, K. Kadarla, Study of internet-of-things messaging protocols used for exchanging data with external sources, in: 2017 IEEE 14th International Conference on Mobile Ad Hoc and Sensor Systems (MASS), IEEE, 2017, pp. 666–671.
[23] D. Serpanos, M. Wolf, The iot landscape, in: Internet-of-Things (IoT) Systems, Springer, 2018, pp. 1–6.
[24] B.B. Gupta, M. Quamara, An overview of internet of things (iot): architectural aspects, challenges, and protocols, Concurrency Comput. Pract. Ex. 32 (2020), e4946.
[25] M.G.d. Santos, D. Ameyed, F. Petrillo, F. Jaafar, M. Cheriet, Internet of Things Architectures: A Comparative Study, 2020 arXiv preprint arXiv:2004.12936.
[26] P. Pierleoni, R. Concetti, A. Belli, L. Palma, Amazon, google and microsoft solutions for iot: architectures and a performance comparison, IEEE Access 8 (2019) 5455–5470.
[27] M. Lombardi, F. Pascale, D. Santaniello, Internet of things: a general overview between architectures, protocols and applications, Information 12 (2021) 87.
[28] A. Sparavigna, Labels Discover Physics: the Development of New Labelling Methods as a Promising Research Field for Applied Physics, 2008 arXiv preprint arXiv:0801.2700.
[29] K. Setetemela, K. Keta, M. Nkhabu, S. Winberg, Python-based fpga implementation of aes using migen for internet of things security, in: 2019 IEEE 10th International Conference on Mechanical and Intelligent Manufacturing Technologies (ICMIMT), IEEE, 2019, pp. 194–198.
[30] I.B.F. de Almeida, L.L. Mendes, J.J. Rodrigues, M.A. da Cruz, 5g waveforms for iot applications, IEEE Commun. Surv. Tutor. 21 (2019) 2554–2567.
[31] E. Rescorla, N. Modadugu, Rfc 6347: Datagram Transport Layer Security Version 1.2, Internet Engineering Task Force (IETF), 2012, p. 2070, 1721.
[32] R.T. Fielding, Rest: Architectural Styles and the Design of Network-Based Software Architectures, Doctoral dissertation, University of California, 2000.
[33] J. de Carvalho Silva, J.J. Rodrigues, A.M. Alberti, P. Solic, A.L. Aquino, Lorawan—a low power wan protocol for internet of things: a review and opportunities, in: 2017 2nd International Multidisciplinary Conference on Computer and Energy Science (SpliTech), IEEE, 2017, pp. 1–6.
[34] K.F. Jasim, R.J. Ismail, A.A.N. Al-Rabeeah, S. Solaimanzadeh, Analysis the Structures of Some Symmetric Cipher Algorithms Suitable for the Security of Iot Devices, vol. 5, Cihan University-Erbil Scientific Journal, 2021, pp. 13–19.
[35] J. Ahamed, A.V. Rajan, Internet of things (iot): application systems and security vulnerabilities, in: 2016 5th International Conference on Electronic Devices, Systems and Applications (ICEDSA), IEEE, 2016, pp. 1–5.
[36] K. Aarika, M. Bouhlal, R.A. Abdelouahid, S. Elfilali, E. Benlahmar, Perception layer security in the internet of things, Procedia Comput. Sci. 175 (2020) 591–596.
[37] B.A. Alohali, V.G. Vassilakis, I.D. Moscholios, M.D. Logothetis, A secure scheme for group communication of wireless iot devices, in: 2018 11th International Symposium on Communication Systems, Networks & Digital Signal Processing (CSNDSP), IEEE, 2018, pp. 1–6.
[38] J. Pan, Z. Yang, Cybersecurity challenges and opportunities in the new “edge computing + iot” world, in: Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, 2018, pp. 29–32.
[39] M.S. Wara, Q. Yu, New replay attacks on zigbee devices for internet-of-things (iot) applications, in: 2020 IEEE International Conference on Embedded Software and Systems (ICESS), IEEE, 2020, pp. 1–6.
[40] S. Takarabt, A. Schaub, A. Facon, S. Guilley, L. Sauvage, Y. Souissi, Y. Mathieu, Cache-timing attacks still threaten iot devices, in: International Conference on Codes, Cryptology, and Information Security, Springer, 2019, pp. 13–30.
[41] L. Maglaras, N. Ayres, S. Moschoyiannis, L. Tassiulas, The end of eavesdropping attacks through the use of advanced end to end encryption mechanisms, in: IEEE INFOCOM 2022-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), IEEE, 2022a, pp. 1–2.
[42] A. Guezzaz, S. Benkirane, M. Azrour, A novel anomaly network intrusion detection system for internet of things security, in: IoT and Smart Devices for Sustainable Environment, Springer, 2022, pp. 129–138.
[43] G. Rathee, C.A. Kerrache, C.T. Calafate, An ambient intelligence approach to provide secure and trusted pub/sub messaging systems in iot environments, Comput. Network. 218 (2022a), 109401.
[44] G. Rathee, C.A. Kerrache, M. Lahby, Trustblksys: a trusted and blockchained cybersecure system for iiot, IEEE Trans. Ind. Inf. 19 (2022c) 1592–1599.
[45] G. Rathee, C.A. Kerrache, M.A. Ferrag, A blockchain-based intrusion detection system using viterbi algorithm and indirect trust for iiot systems, J. Sens. Actuator Netw. 11 (2022b) 71.
[64] V.K. Asati, E.S. Pilli, S.K. Vipparthi, S. Garg, S. Singhal, S. Pancholi, Rmdd: cross layer attack in internet of things, in: 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), IEEE, 2018, pp. 172–178.
[65] S. Radosavac, N. Benammar, J.S. Baras, Cross-layer attacks in wireless ad hoc networks, in: Conference on Information Sciences and Systems, 2004.
[66] W. Wang, Y. Sun, H. Li, Z. Han, Cross-layer attack and defense in cognitive radio networks, in: 2010 IEEE Global Telecommunications Conference GLOBECOM 2010, IEEE, 2010, pp. 1–6.
[67] V. Papaspirou, L. Maglaras, M.A. Ferrag, I. Kantzavelou, H. Janicke, C. Douligeris, A novel two-factor honeytoken authentication mechanism, in: 2021 International Conference on Computer Communications and Networks (ICCCN), IEEE, 2021, pp. 1–7.
[68] M. Rana, Q. Mamun, R. Islam, Lightweight cryptography in iot networks: a survey, Future Generat. Comput. Syst. 129 (2022) 77–89.
[69] R. Hedayati, S. Mostafavi, A lightweight image encryption algorithm for secure communications in multimedia internet of things, Wireless Pers. Commun. 123 (2022) 1121–1143.
[70] N. Martins, J.M. Cruz, T. Cruz, P.H. Abreu, Adversarial machine learning applied to intrusion and malware scenarios: a systematic review, IEEE Access 8 (2020) 35403–35419.
[71] J.M. Talavera, L.E. Tobón, J.A. G
omez, M.A. Culman, J.M. Aranda, D.T. Parra,
[46] S. Singh, S. Rathore, O. Alfarraj, A. Tolba, B. Yoon, A framework for privacy- L.A. Quiroz, A. Hoyos, L.E. Garreta, Review of iot applications in agro-industrial and
preservation of iot healthcare data using federated learning and blockchain environmental fields, Comput. Electron. Agric. 142 (2017) 283–297.
technology, Future Generat. Comput. Syst. 129 (2022) 380–388. [72] O. Rehman, Z. Farrukh, A.M. Al-Busaidi, K. Cha, S.J. Park, I.M. Rahman, Iot
[47] G. Alqarawi, B. Alkhalifah, N. Alharbi, S. El Khediri, Internet-of-things security and Powered Cancer Observation System, 2020.
vulnerabilities: case study, J. Appl. Secur. Res. (2022) 1–17. [73] V. Kelli, P. Sarigiannidis, V. Argyriou, T. Lagkas, V. Vitsas, A cyber resilience
[48] M.M. Salim, S. Rathore, J.H. Park, Distributed denial of service attacks and its framework for ng-iot healthcare using machine learning and blockchain, in: ICC
defenses in iot: a survey, J. Supercomput. 76 (2020) 5320–5363. 2021-IEEE International Conference on Communications, IEEE, 2021, pp. 1–6.
[49] S. Salah, B.M. Amro, Big picture: analysis of ddos attacks map-systems and network, [74] P.M. Kumar, U.D. Gandhi, A novel three-tier internet of things architecture with
cloud computing, scada systems, and iot, Int. J. Internet Technol. Secur. Trans. 12 machine learning algorithm for early detection of heart diseases, Comput. Electr.
(2022) 543–565. Eng. 65 (2018) 222–235.
[50] M. Thankappan, H. Rif a-Pous, C. Garrigues, Multi-channel Man-In-The-Middle [75] S. Selvaraj, S. Sundaravaradhan, Challenges and opportunities in iot healthcare
Attacks against Protected Wi-Fi Networks: A State of the Art Review, 2022 arXiv systems: a systematic review, SN Appl. Sci. 2 (2020) 1–8.
preprint arXiv:2203.00579. [76] M. Umair, M. Cheema, O. Cheema, H. Li, H. Lu, Impact of covid-19 on iot adoption
[51] A. Dorri, S. Mishra, R. Jurdak, Vericom: a verification and communication in healthcare, smart homes, smart buildings, smart cities, transportation and
architecture for iot-based blockchain, Ad Hoc Netw. 133 (2022), 102882. industrial iot, Sensors 21 (2021) 3838.
[52] K.V. English, I. Obaidat, M. Sridhar, Exploiting memory corruption vulnerabilities [77] M. Plaza-Hernandez, A.B. Gil-Gonzalez, S. Rodríguez-Gonzalez, J. Prieto-Tejedor,
in connman for iot devices, in: 2019 49th Annual IEEE/IFIP International J.M. Corchado-Rodríguez, Integration of iot technologies in the maritime industry,
Conference on Dependable Systems and Networks (DSN), IEEE, 2019, pp. 247–255. in: International Symposium on Distributed Computing and Artificial Intelligence,
[53] M. Zubair, D. Unal, A. Al-Ali, A. Shikfa, Exploiting bluetooth vulnerabilities in e- Springer, 2020, pp. 107–115.
health iot devices, in: Proceedings of the 3rd International Conference on Future [78] E. Balandina, S. Balandin, Y. Koucheryavy, D. Mouromtsev, Iot use cases in
Networks and Distributed Systems, 2019, pp. 1–7. healthcare and tourism, in: 2015 IEEE 17th Conference on Business Informatics,
[54] O. Friha, M.A. Ferrag, L. Shu, L. Maglaras, K.K.R. Choo, M. Nafaa, Felids: federated IEEE, 2015, pp. 37–44.
learning-based intrusion detection system for agricultural internet of things, [79] T. Anagnostopoulos, P. Kostakos, A. Zaslavsky, I. Kantzavelou, N. Tsotsolas,
J. Parallel Distr. Comput. 165 (2022) 17–31. I. Salmon, J. Morley, R. Harle, Challenges and solutions of surveillance systems in
[55] P. Illy, G. Kaddoum, K. Kaur, S. Garg, Ml-based Idps Enhancement with iot-enabled smart campus: a survey, IEEE Access 9 (2021) 131926–131954.
Complementary Features for Home Iot Networks, IEEE Transactions on Network [80] R. Hassan, F. Qamar, M.K. Hasan, A.H.M. Aman, A.S. Ahmed, Internet of things and
and Service Management, 2022. its applications: a comprehensive survey, Symmetry 12 (2020) 1674.
[56] M. Abutaha, B. Atawneh, L. Hammouri, G. Kaddoum, Secure lightweight [81] N.M. Karie, N.M. Sahri, P. Haskell-Dowland, Iot threat detection advances,
cryptosystem for iot and pervasive computing, Sci. Rep. 12 (2022) 1–15. challenges and future directions, in: 2020 Workshop on Emerging Technologies for
[57] S. Hashemi, M. Zarei, Internet of things backdoors: resource management issues, Security in IoT (ETSecIoT), IEEE, 2020, pp. 22–29.
security challenges, and detection methods, Trans. Emerg. Telecommun. Technol. [82] J. Ploennigs, J. Cohn, A. Stanford-Clark, The future of iot, IEEE Internet Things
32 (2021) e4142. Mag. 1 (2018) 28–33.
[58] V. Papaspirou, L. Maglaras, M.A. Ferrag, A Tutorial on Cross Site Scripting Attack- [83] A. Derhab, M. Guerroumi, A. Gumaei, L. Maglaras, M.A. Ferrag, M. Mukherjee,
Defense, 2020. F.A. Khan, Blockchain and random subspace learning-based ids for sdn-enabled
[59] B. Vignau, R. Khoury, S. Halle, 10 years of iot malware: a feature-based taxonomy, industrial iot security, Sensors 19 (2019) 3119.
in: 2019 IEEE 19th International Conference on Software Quality, Reliability and [84] D. Hanes, G. Salgueiro, P. Grossetete, R. Barton, J. Henry, IoT Fundamentals:
Security Companion (QRS-C), IEEE, 2019, pp. 458–465. Networking Technologies, Protocols, and Use Cases for the Internet of Things, Cisco
[60] B.R. Nabiyev, Investigation of computer incidents for cyber-physical infrastructures Press, 2017.
in industrial control systems, in: Cybersecurity for Critical Infrastructure Protection [85] K. Georgiou, C. Blackmore, S. Xavier-de Souza, K. Eder, Less is more: exploiting the
via Reflection of Industrial Control Systems, IOS Press, 2022, pp. 125–130. standard compiler optimization levels for better performance and energy
[61] P. Chaudhary, B. Gupta, A. Singh, Adaptive cross-site scripting attack detection consumption, in: Proceedings of the 21st International Workshop on Software and
framework for smart devices security using intelligent filters and attack ontology, Compilers for Embedded Systems, 2018, pp. 35–42.
Soft Comput. (2022) 1–16. [86] N.F. Polychronou, P.H. Thevenon, M. Puys, V. Beroulle, A comprehensive survey of
[62] Z. Cui, Y. Zhao, Y. Cao, X. Cai, W. Zhang, J. Chen, Malicious code detection under attacks without physical access targeting hardware vulnerabilities in iot/iiot
5g hetnets based on a multi-objective rbm model, IEEE Netw. 35 (2021) 82–87. devices, and their detection mechanisms, ACM Trans. Des. Autom. Electron. Syst.
[63] P.K. Sadhu, V.P. Yanambaka, A. Abdelgawad, Internet of things: security and 27 (2021) 1–35.
solutions survey, Sensors 22 (2022) 7433. [87] M. Pincheira, M. Vecchio, R. Giaffreda, S.S. Kanhere, Cost-effective iot devices as
trustworthy data sources for a blockchain-based water management system in
precision agriculture, Comput. Electron. Agric. 180 (2021), 105889.
13