1. Introduction
There has been tremendous growth in the use of the Internet of Things (IoT) [
1] in our daily lives. The IoT enhances Web-enabled applications, where ‘everyone’ (e.g., people) and ‘everything’ (e.g., systems, machines, equipment, devices, etc.) in a physical or virtual world can be connected over the Internet [
2]. The rapid growth in the number of smart devices (e.g., smart phones, tablets, intelligent circuits, sensors, actuators, etc.) makes it more convenient to use IoT applications and services than ever before [
3]. It is predicted that the number of devices connected to the Internet will be 28.5 billion in 2022, up from 18 billion in 2017 [
4]. On an individual basis this will mean 3.6 networked devices per capita by 2022, compared to 2.3 in 2016. The average number of devices and connections per household and per Internet user is predicted to increase by 51% by 2022. This trend will also increase the annual global Internet traffic, which is predicted to reach 4.8 ZB (zettabytes) per year by 2022 [
4]. This signifies the potential scale of the IoT where billions of
things will be connected via the network. With an increase in scale comes an increase in the value of the data stored, processed and transferred and the attacks upon them. In other words, these forecasts indicate that the number and sophistication of attacks and threats against these embedded devices will continue to rise and therefore greater security measures are needed [
5,
6,
7]. As such, how to protect sensitive information from unauthorized users and services, by considering the core security requirements when designing an IoT architecture, is a significant issue. Note, for our purposes, a
thing is one or a set of users, devices, services and applications, and similar entities.
1.1. Problem Statement
The term ‘IoT’ was popularized by the innovative work of the Massachusetts Institute of Technology (MIT) Auto-ID Centre. The first documented evidence of the use of the term ‘The Internet of Things’ was by Kevin Ashton, the co-founder of the MIT Auto-ID Centre, in the year 1999 [
8]. The IoT connects all the devices in a physical domain with the Internet to communicate with each other for faster and easier service. The IoT represents a view in which the traditional Internet extends into real-world objects (e.g., food, clothing, furniture, paper, landmarks, refrigerator, etc.) and enables each object with the ability to gather, process and act on information in a
smarter way. These objects, acting as sensors or actuators, are able to interact with each other in order to reach a common goal (e.g., quality and service) by connecting all smart
things to the current Internet [
9]. Therefore, the prospect for the IoT is to deploy a ubiquitous environment where the subjects (i.e., people) and the objects (i.e., resources), that are addressable and communicable, will be connected over a network platform to leverage the benefits for both society and technology on a large-scale, so that human users are unobtrusively assisted by technology in performing everyday activities [
10].
Major issues for a wider deployment of IoT systems include: limited storage and processing capacity of the
things, concerns regarding reliability in performance, availability in communication mediums, accessibility any-time and any-where, interoperability in a heterogeneous environment, data management performance and security and privacy [
11,
12,
13,
14,
15,
16]. Due to the resource-constrained nature of the IoT devices, it is hard to enforce traditional heavy-weight security mechanisms within these devices. Moreover, due to the inadequate physical security of the
things, they can be easily attacked [
17]. For example, unauthorized access to the resources (both service and network) can be carried out over unsecured wireless connections [
18]. Examples of such attacks include targeting the control of IoT-enabled automobile systems (for example, remotely taking control of a connected car) [
19] and hacking critical IoT-enabled medical devices (for example, altering the dosage of drugs administered to a patient after remotely controlling the drug infusion pumps) [
20]. In 2016, an attack called ‘Mirai Botnet’ [
21] infected numerous IoT devices (in particular older routers and IP cameras) and then flooded a DNS service provider with network traffic in a DDoS (Distributed Denial-of-Service) attack. This particular attack illustrates that IoT devices have been lagging behind in terms of security: the attackers' main entry point into these devices was a list of default, factory-set usernames and passwords. In Finland, in 2016, attackers gained unauthorized access to the systems controlling facilities in apartment buildings and shut down the central heating and hot-water systems [
22].
This summary indicates the need to protect IoT systems and resources from potential threats and attacks not only in internal networks but also originating from networks that span multiple jurisdictions. With the sensitive nature of the IoT and its dynamic characteristics, many of these issues cannot be addressed with a simple software patch or commonly used security measures [
23,
24,
25]. Security solutions for the IoT need to be designed for their intended context, the IoT. Enforcing security policies and developing appropriate security requirements for the IoT has not only become an essential issue but also an obligation. In this paper, our intention is to investigate the security requirements that need to be met by any proposed solution for a secure IoT system. Note, a comprehensive security analysis for an IoT system (e.g., vulnerabilities, attacks mechanisms and their countermeasures) is omitted in this paper, we direct interested readers to the specific security analysis papers cited in various sections.
1.2. Contributions
The IoT enables the connection of a very large-scale quantity of devices, users and their associated services and applications, enabling them to interact with one another. While this improves the users’ experience, it also poses multiple security issues [
26,
27,
28]. Numerous proposals to address the security issues of the IoT have been advanced and address areas such as access control, privacy, trust, identity, etc. [
29,
30,
31]. Most of these focus on solutions to individual issues. A few surveys, e.g., [
32,
33,
34], address the security issues of an IoT system in terms of a layer-based approach (i.e., security-specific requirements in each architectural layer) and discuss the requirements of each layer individually. These approaches explore the security requirements against commonly known metrics, e.g., resource limitation, fault tolerance, heterogeneity, authentication, confidentiality and access control, and do not provide detailed requirements for a large-scale dynamic system such as the IoT.
Several works discuss IoT applications and different frameworks based on technology, issues and applications [
35,
36,
37,
38,
39]. Others list the system challenges when integrating cloud and IoT-based applications [
40]. While a few of them (e.g., [
41]) briefly outline some security requirements, most of them lack a justification for the security requirements presented, particularly in the context of the integrated services, applications and domains of the IoT.
In [
42] the authors discussed various security challenges for the IoT and state of the art efforts to resolve these challenges. The security challenges discussed include privacy, light-weight cryptographic frameworks, secure routing, robustness and resilience management, and insider attack detection. However, how these challenges help to constitute appropriate security requirements for IoT systems is not discussed in that proposal. With a similar view to [
42], Ref. [
43] presented a comprehensive study listing security issues and corresponding defence mechanisms for the IoT. Through an empirical study, it attempted to deliver an insight into the security requirements of IoT systems. However, the contributions are limited to IoT security issues, without a detailed discussion of the actual security requirements needed for an IoT system.
To the best of our knowledge, as of today, there is no complete set of requirements for an IoT security architecture that fully addresses all the needs of an IoT system [
30,
44]. This creates significant challenges for the secure, robust, and scalable deployment of IoT applications and services. We note that the present security architectures do not adequately identify and integrate the characteristics and security-specific requirements of an IoT system. The wider scale of IoT systems and the vast range of applications will require a security architecture whose design takes full account of the different characteristics of such systems [
45]. In this paper, we try to bridge the gap by synthesizing the existing proposals of the state of the art security requirements for the IoT in a single manuscript. In particular, we aim to address the following key research question:
what are the requirements for the design and provision of security for the IoT?
Most of the aforementioned proposals do not differentiate between various security challenges and security requirements for the IoT. In other words, they do not discuss the technical issues and characteristics required to derive the list of security requirements for an IoT system. While a few of them address the requirements on an individual level, they do not offer a comprehensive survey. Some surveys also ignore important IoT issues, e.g., self-healing and openness. We intend to examine the critical security requirements for the IoT mainly by surveying the existing state of the art in this field, and to compare and contrast the available proposals with one another. In this paper, our approach is three-fold: (1) we outline the potential threats and attacks in an IoT system, (2) we examine the available security requirements for the IoT, and (3) we study and analyse how those requirements can be employed to design a secure IoT architecture. While the works discussed above provide a basic foundation for understanding the security requirements of the IoT, our survey differs from previous proposals in many ways. To the best of our knowledge, this survey provides the most comprehensive and detailed discussion of the security requirements of an IoT system. In particular, the major contributions of this paper are:
We examine and map the various threats and attacks to an IoT system into five distinct areas, namely communications, device/services, users, mobility and integration of resources. This helps to guide the derivation of unique security requirements for the IoT.
Compared to the existing proposals in the field of the IoT security, we provide a comprehensive discussion of the IoT security requirements in a systematic way, and present a critical discussion of the employments of such requirements to design an IoT security architecture.
Based on the investigation, we indicate the employment of specific security requirements for each layer of an IoT security architecture. Our approach considers both the technological and architectural points of view of an IoT system.
1.3. Organization and Roadmap
The rest of the paper is organized as follows. In
Section 2, we present a brief introduction to the IoT, covering various definitions of the IoT. In
Section 3, we discuss a generic IoT security architecture and provide an outline of different architectural layers. We briefly discuss some example application areas for the IoT in
Section 4. In
Section 5, we list the various threats and attacks that exist in an IoT system in a systematic way, grouping them into five distinct areas. We present related work on state of the art IoT security requirements in
Section 6. We present our approach to IoT security requirements in
Section 7. In
Section 8, we summarize the lessons learned and discuss the various security requirements for the different layers of an IoT architecture. Finally, we conclude the paper in
Section 9.
3. IoT Security Architecture
The goal of this section is to discuss an IoT security architecture. There are several IoT architectures proposed in the literature, for example [
54,
55,
56,
57,
58]. Many of them proposed a three-layer architecture (e.g., [
59,
60,
61]) composed of application, network and perception layers. A few of them (e.g., [
44]) propose a four-layer architecture consisting of a sensing layer, network layer, service layer and application-interface layer. However, no generic architecture for the IoT has converged to a commonly used reference model. In contrast to the three- and four-layer architectures, Ref. [
56] argues for the support for a five-layer architecture for IoT applications and services. The layers used there are, from bottom to top, objects, object abstractions, service management, application and business. While we agree that multiple layers are necessary to capture the complexity of the IoT, we consider that this particular model glosses over the details of the physical structure of such systems.
Previous work on security (e.g., [
44]) has followed the layered architecture approach for the IoT. However, the approach taken has typically been fairly simplistic, dividing security functionality between the layers. This ignores both the complexity of the IoT and the need to provide similar security functionality in different places and in different forms. For example, authentication will be needed both for individual devices and for applications. However, whether the same mechanism, or even the same credentials, could be used in both cases is unclear in a general sense. Note, this is dependent on the specific architecture of each system, and therefore, it is not explicitly stated. Therefore, we propose a model which is layered in both the horizontal and vertical planes. The horizontal planes cover the architectural components of the IoT, from devices, through the connecting network to service composition up through applications to the end-user. The vertical planes cover security services, e.g., authentication, authorization, identity management, trust management, key management, etc. As noted above, these may be required at various system architecture levels. Even if the mechanisms at each level are not the same, they will need to inter-operate.
We argue that the functional components of an IoT architecture should encapsulate the diverse security requirements and various security issues of this context [
62]. The architecture should enable the achievement of security for devices, networks, data repository, services, applications and users. Therefore, based on analysis of the previous works, we suggest a five-layer, three-dimensional IoT security architecture (cf.
Figure 1). However, unlike the other architectures (e.g., [
44]), where users and applications reside in the same layer, we separate the users from the application layer and situate them on top of it. This better supports scaling to the vast number of users in a large-scale IoT system and addresses user-specific security issues. Note, our architecture is superficially similar to [
44] (which has four layers, namely sensing, network, service and interface) and supports the arguments discussed in [
56]. To the layers of the architecture, we add another dimension to explicitly include the need for core security functionality at each layer of the architecture. Essentially the architecture employed here is that of [
44], with the final layer divided into users and application to better represent their individual needs and security issues and, more importantly, the addition of the extra dimension of security.
The five layers (bottom-up) are: device sensing layer, network management layer, service composition layer, application layer and user interface layer. Each layer contains the architectural elements that are necessary to collect, store, compute, process and communicate information between the architectural elements and between the layers. To the plane these layers constitute we add another, consisting of some basic security requirements, e.g., authentication, authorization, identity management, trust management and key management. Please note that this list of basic security requirements is not exhaustive and will likely need extending. The result is a set of horizontal planes consisting of system functionality, one per layer, and a vertical plane delivering the security required at each of those layers. We now present a brief outline of each layer. This includes the core components, major functionalities and common security issues for each layer.
3.1. Device Sensing Layer
The first layer is composed of smart IoT sensing devices, e.g., smart phones, RFID tags, sensors and actuators. These components are able to automatically sense, collect and measure various physical parameters, e.g., temperature, humidity, location, etc. Devices can store the collected information locally, and sensors can forward it to predefined sensor hubs (e.g., a microcontroller unit) for processing.
The major functionalities of this layer are data sensing and data acquisition. Standardized plug-and-play mechanisms can be used with the various sensing devices. Furthermore, considering the scale of the number of
things in an IoT system, sensing devices may be deployed simultaneously or over time according to the environmental context and practical requirements [
63]. Regardless, security is an important issue in their deployment and use. Common security issues in this layer include authentication of the
things (i.e., sensing devices in general), authorization and access control as well as the availability of infrastructure and networks for a seamless integration of
things for data access.
3.2. Network Management Layer
The second layer is the network management layer. This layer is composed of different wired and wireless networks, cloud computing services and big data repositories. Major functionalities of this layer include data aggregation, Quality of Service (QoS), scheduling, etc. It is also responsible for transmitting data to the next IoT architectural layer. The networks in this layer potentially combine heterogeneous equipment and help to transmit data among different components within this layer (and to the next architectural layer) using technologies including 3G, 4G, GSM (Global System for Mobile Communications), UMTS (Universal Mobile Telecommunications System), WiFi, Bluetooth, etc. The presence of cloud computing services and big data repositories enables a variety of different technologies to perform seamlessly by deploying, managing and scheduling various network services [
64]. Other commonly used technologies in this layer are IPv6, 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks), and RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks). 6LoWPAN is an adaptation layer designed to carry IPv6 over IEEE 802.15.4 links, and it fits well with resource-constrained IoT devices. Similarly to 6LoWPAN, RPL facilitates communication in a resource-constrained environment and specifically within constrained networks, e.g., wireless sensor networks [
65,
66]. Some common security issues in this layer include unauthorized access to sensitive information, modification of routing paths or even an attempt to make the IoT resource unavailable to the users by congestion of communication channels by Denial of Service (DoS) attacks.
3.3. Service Composition Layer
The third layer is the service composition layer. The major functions of this layer are analysis and processing of data that is collected from the network management layer. The service composition layer is built based on middle-ware technology that assists with information exchange for IoT applications among heterogeneous objects without any specific hardware and software requirements. It is intended to meet the needs of applications, application programming interfaces (APIs) and various service protocols [
67]. The major functional component of this layer is the service composition unit, which is responsible for event processing, creating service divisions, service monitoring, service configuration and performing various decision analytics according to the specific policy requirements and contextual information. Common security issues in this layer include service (or group) authentication, data confidentiality (includes leakage of private information from various data sources) and integrity.
3.4. Application Layer
The fourth layer is the application layer which provides smart IoT services to users. The major functional components of this layer are various applications which could be classified as, for example, smart home, smart city, smart transport, smart commerce and smart health, etc. [
67,
68,
69] (cf.
Section 4). The application layer is responsible for providing various services and at the same time determines a set of message passing protocols at the application level [
70]. This layer is also responsible for data presentation, application maintenance, application access control and updating software and security patches for those applications. Standard interfaces using HTTP and HTTPS are widely deployed for this layer. However, more dedicated application-level protocols for resource-constrained devices, e.g., CoAP (Constrained Application Protocol), MQTT (Message Queuing Telemetry Transport), AMQP (Advanced Message Queuing Protocol), XMPP (eXtensible Messaging and Presence Protocol), etc., are also used in this layer [
71,
72]. Common security issues in this layer include unauthorized access to services, privacy leakage, resource unavailability, etc.
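The application-level protocols above are named but not shown. As an added example that is not code from the original paper or from any of the surveyed works, the following Python parser handles one of them, CoAP (RFC 7252), the way a security engineer would want an endpoint on a constrained device to: it decodes the fixed header, token, options and payload, and rejects each of the message format errors the RFC defines (reserved token lengths, option values that run past the datagram, a payload marker with no payload, and unrecognized critical options) instead of guessing. The option table is a subset of the RFC registry, and the sample packets are constructed for illustration, not captured traffic.

```python
"""Strict parser for CoAP (RFC 7252) messages. Added example, not code from the
paper or any surveyed work: it follows RFC 7252 section 3 and rejects every
"message format error" the RFC names instead of parsing leniently."""
from dataclasses import dataclass, field
import struct

CON, NON, ACK, RST = 0, 1, 2, 3
PAYLOAD_MARKER = 0xFF
# Subset of the RFC 7252 option registry. Odd numbers are *critical*: a receiver
# that does not understand one must reject the message rather than ignore it.
OPTIONS = {1: "If-Match", 3: "Uri-Host", 4: "ETag", 5: "If-None-Match",
           7: "Uri-Port", 8: "Location-Path", 11: "Uri-Path", 12: "Content-Format",
           14: "Max-Age", 15: "Uri-Query", 17: "Accept", 20: "Location-Query",
           35: "Proxy-Uri", 39: "Proxy-Scheme", 60: "Size1"}


class CoapFormatError(ValueError):
    """A message format error; the RFC requires such a message to be rejected."""


@dataclass
class CoapMessage:
    msg_type: int
    code: int
    message_id: int
    token: bytes
    options: list = field(default_factory=list)  # [(number, value), ...]
    payload: bytes = b""

    @property
    def code_str(self) -> str:  # e.g. 0x45 -> "2.05" (Content)
        return f"{self.code >> 5}.{self.code & 0x1F:02d}"

    def uri_path(self) -> str:
        return "/" + "/".join(v.decode() for n, v in self.options if n == 11)


def _ext(nibble: int, buf: bytes, pos: int):
    """Resolve an option delta/length nibble plus its 0, 1 or 2 extension bytes."""
    if nibble < 13:
        return nibble, pos
    if nibble == 13:
        if pos + 1 > len(buf):
            raise CoapFormatError("truncated 1-byte option extension")
        return buf[pos] + 13, pos + 1
    if nibble == 14:
        if pos + 2 > len(buf):
            raise CoapFormatError("truncated 2-byte option extension")
        return struct.unpack_from("!H", buf, pos)[0] + 269, pos + 2
    raise CoapFormatError("nibble 15 is only valid as part of the payload marker")


def parse(buf: bytes) -> CoapMessage:
    if len(buf) < 4:
        raise CoapFormatError("shorter than the 4-byte fixed header")
    if buf[0] >> 6 != 1:
        raise CoapFormatError(f"unsupported version {buf[0] >> 6}")
    msg_type, tkl = (buf[0] >> 4) & 0x3, buf[0] & 0xF
    if tkl > 8:  # token lengths 9..15 are reserved by the RFC
        raise CoapFormatError(f"token length {tkl} is reserved")
    if 4 + tkl > len(buf):
        raise CoapFormatError("truncated token")
    msg = CoapMessage(msg_type, buf[1], struct.unpack_from("!H", buf, 2)[0],
                      bytes(buf[4:4 + tkl]))
    pos, number = 4 + tkl, 0
    while pos < len(buf):
        b, pos = buf[pos], pos + 1
        if b == PAYLOAD_MARKER:
            if pos == len(buf):  # a marker with nothing after it is an error
                raise CoapFormatError("payload marker with empty payload")
            msg.payload = bytes(buf[pos:])
            break
        delta, pos = _ext(b >> 4, buf, pos)
        length, pos = _ext(b & 0xF, buf, pos)
        if pos + length > len(buf):  # never trust the length field
            raise CoapFormatError("option value runs past end of message")
        number += delta
        if number % 2 == 1 and number not in OPTIONS:
            raise CoapFormatError(f"unrecognized critical option {number}")
        msg.options.append((number, bytes(buf[pos:pos + length])))
        pos += length
    return msg


def reject_reason(buf: bytes):
    """Return why buf is rejected, or None if it parses cleanly."""
    try:
        parse(buf)
    except CoapFormatError as e:
        return str(e)
    return None


# Constructed sample packets for illustration (not captured traffic).
# CON GET, MID 0x1234, token ab cd, Uri-Path "/.well-known/core":
SAMPLE_GET = (bytes([0x42, 0x01, 0x12, 0x34, 0xAB, 0xCD, 0xBB]) + b".well-known"
              + bytes([0x04]) + b"core")
# ACK 2.05 Content, same MID/token, Content-Format 40 (link-format), payload:
SAMPLE_ACK = (bytes([0x62, 0x45, 0x12, 0x34, 0xAB, 0xCD, 0xC1, 40, 0xFF])
              + b'</sensors/temp>;rt="temp"')
BAD_TKL = bytes([0x4F, 0x01, 0x00, 0x01])                   # TKL 15: reserved
BAD_CRITICAL = bytes([0x40, 0x01, 0x00, 0x01, 0xD0, 0x00])  # unknown critical 13
TRUNCATED = bytes([0x40, 0x01, 0x00, 0x01, 0xB5]) + b"abc"  # claims 5 bytes, has 3
EMPTY_PAYLOAD = SAMPLE_GET + bytes([PAYLOAD_MARKER])         # marker, no payload
```

`parse(SAMPLE_GET)` yields a CON GET for `/.well-known/core`, and `reject_reason` on each malformed sample returns the reason the datagram would be dropped. These bounds checks are still needed when CoAP runs over DTLS: the transport authenticates the peer and protects the channel, but it does nothing for a parser that trusts a length field.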
3.5. User Interface Layer
The fifth and final layer is the user interface layer. The interface provided to users and the
users themselves are the major functional components in this layer. This layer exports the system’s functionalities from the application layer to the end-users. It may use standard Web services (both for service protocol and service composition) to distribute the activities and services received from the application layer [
32]. Common security issues in this layer include authentication and authorization of users, unauthorized data access, data confidentiality, availability of services, etc.
Please note that the different layers have distinct security requirements based on the core security functionalities. For instance, key management in the device sensing layer deals with confidentiality, whereas it may also deal with integrity in the service composition layer. Similarly, identity management in the device sensing layer protects service privacy; however, it safeguards users’ privacy in the user interface layer. In
Table 1, we illustrate the core components, major functionalities and common security issues for each layer discussed above.
6. IoT Security Requirements: State of the Art
In this section, we review related work on state of the art security requirements in the IoT. We take an analytical approach to the literature in order to examine and explain different security requirements, specifically why or how each is a requirement. The articles examined address a variety of concerns, for instance, the IoT and its general security issues, IoT security requirements, specific security problems and approaches within the IoT, and IoT security architectures and their assessment. We observe that there has been a limited amount of previous work that specifically addresses security requirements for the IoT as a central issue, with other work providing analysis of IoT security needs and architectures and treating security requirements as a secondary issue. As noted by Alqassem [
140], providing specific security requirements for the IoT is both necessary and difficult.
Yang and Fang [
141] presented a security architecture for the IoT based on communication, control and computation aspects and discussed the basic IoT security issues, e.g., authentication, access control and identity. However, how this architecture would address the characteristics of devices in the context of an IoT system (and the security of IoT services and applications), and exactly what requirements are being addressed, is unclear. The answers to questions about users' interactions and system scale are also missing.
Alfaqih and Al-Muhtadi [
142], and Sain et al. [
143] discussed IoT security requirements based on the different architectural layers (e.g., physical, network, application layers, etc.) and examined communications between them. Critical issues, e.g., fault tolerance, authentication, access control, privacy and confidentiality, are discussed. However, how to combine these requirements to create a secure IoT system is not addressed in this literature.
In [
144], Isa et al. presented a security architecture for the IoT. The architecture considers the issue of a secure protocol for transferring a high volume of data between embedded devices. The proposed architecture is composed of four layers, namely hardware, firmware, operating system and application. However, the proposal is limited to a discussion of the proposed protocol, and no attempt is made to relate this architecture to wider IoT security requirements.
Heer et al. [
145] presented an IoT architecture and discuss the security needs of such an architecture considering the viewpoint of device life-cycle. The proposal considered an in-depth analysis, regarding the issues e.g., scale, heterogeneity, end-to-end security, and issues of centralized versus distributed architectures. However, the discussion is limited to the existing Internet protocols.
Several authors presented general security analyses of the IoT. For instance, Li et al. [
44] gave an IoT security analysis based on a four-layer model of the IoT. These layers are sensing, network, service and application-interface layers. While the authors address the issues of security, privacy and usability within the IoT, they do not directly address the issue of scalability in the number of
things within the system and do not propose any actual design. A similarly layered, but very different, architecture for the IoT was presented by Misra et al. [
146]. This architecture consists of four layers (i.e., things, network, management and analytics). The architecture addresses the interaction between different physical and virtual things, sensors and network services, data integration and management, and analytics of the collected data.
Roman et al. [
45] presented a view of IoT security that includes edge intelligence, resource-constrained service provision (at the edge of the network) and collaboration. Several approaches to IoT system design are discussed, including centralized, collaborative and distributed IoT. Features and security issues of distributed IoT are analysed in depth, but the paper does not provide any systematic analysis of security requirements for the IoT.
Abomhara et al. [
147] further considered the issues discussed in [
45], and explore the requirements of an IoT security architecture from the point of three core issues i.e., privacy for humans, confidentiality of business process and third-party dependability. While the paper recommends employing cryptographic techniques and light-weight security mechanisms into the
things located at the edge of the network and takes a useful application-based perspective, its final recommendations go little beyond traditional security issues of authorization, authentication, identity management, trust and key management mechanisms.
Sicari et al. [
30] proposed the construction of a scalable and structured IoT security architecture and put forward security requirements, e.g., integrity, confidentiality, authentication, privacy, trust and mobility. Apart from the conventional security requirements, this paper also examines the requirements for end-to-end security integration and verification in IoT architectures. Unlike [
44], this paper focuses on the IoT security requirements from the logical (e.g.,
things interactions) and technological (e.g.,
things collaborations) points of view.
Unlike [
30], Kim et al. [
148] discussed IoT security requirements based on IoT gateway systems, considering the scale of the IoT in an open wireless network environment. The major issue they mention is the application of an efficient light-weight cryptosystem for information security. However, they do not discuss critical issues, e.g., interoperability, cross-domain network management and communication security over multiple jurisdictions.
Singh et al. [
149] went beyond the requirements proposed in [
148], which focus on a particular security domain, and explored security requirements for cloud-supported IoT systems. They mainly focused on the security provisions from the perspective of cloud tenants, end-users and cloud providers while integrating them in the IoT. The significant issues of wide scale, cross-domain platforms and the case of multiple jurisdictions have been taken into consideration. The paper also presents a detailed discussion on scalability, access control, identity, encryption, trust, and location privacy both for the users and the things, and on composite service management supporting a decentralized network architecture. Like [
148], this paper emphasizes the importance of the light-weight key management systems for IoT devices, given their limited battery and processing capability.
Similar to [
149], Zhou et al. [
150] discussed security and privacy issues for cloud-assisted IoT systems. However, unlike [
149], this paper is limited to the security issues in the context of secure packet forwarding.
Babar et al. [
151] discussed a threat taxonomy for the IoT and proposed high-level security requirements. Apart from mobility, scalability and access control, they explored diversity in the computational abilities of IoT devices. The authors argued that IoT systems should be resilient to attacks, i.e., the system should avoid single points of failure. They also mentioned the need for data authentication, client privacy, secure storage and communication, and tamper resistance (i.e., maintaining device security even if the device is accessed by malicious users).
Al-Fuqaha et al. [
56] presented an overview of IoT security in regard to enabling technologies, protocols, services and applications. The paper outlines security challenges including availability, reliability, performance, mobility, scalability, interoperability and trust. It also provides an overview of security requirements for the IoT based on different architectural layers, e.g., physical, network, application, etc. In a similar way to [
56], Gluhak et al. [
152] discussed the security requirements for the IoT based on scalability, heterogeneity, reputability, federation (i.e., one security domain can access resources on another security domain), concurrency and mobility. However, unlike [
56], this paper focuses the security requirements in the context of experimental IoT research (i.e., evaluation based on the realistic conditions in real-world experimental deployments).
Similar to [
152], Huang et al. [
153] discussed security issues for the IoT and outlined the security requirements based on real-world experiments that investigate three different IoT scenarios, namely body IoT (e.g., wearable IoT-enabled healthcare devices), home IoT (e.g., an intelligent sensor for turning lights on and off) and hotel IoT (e.g., IoT-enabled smart hotspots). However, their approach to security requirements is very low level and context dependent, for example including issues such as 'door access control system' and 'hotel payment'. This makes their approach difficult to generalize for analysing IoT security requirements.
Yaqoob et al. [154] presented a taxonomy for the IoT, including architectures, topologies and enabling technologies. They also present a four-layer architecture, with security located in one of the four layers (management and security services). They discuss several requirements for an IoT architecture, e.g., resource control, energy awareness, interoperability, QoS, interference management and security. They also list some of these as open challenges and include other issues, e.g., scalability, flexibility and mobility. While they do not give precise security requirements, their more general approach can contribute to the discussion. They further emphasise that the security requirements must support remote resource management and proper resource use.
Alam et al. [155] discussed interoperability issues between different administrative domains for the IoT. They list standard security requirements: confidentiality, integrity, availability, authentication, authorization, access control, trustworthiness, and auditing. While they presented a practical reference architecture and a real-world experimental test-bed, they do not present IoT-specific security requirements. In particular, their discussion gives very little emphasis to scalability.
Cirani et al. [156] examined security needs for the IoT within the context of the IP (Internet Protocol). They analysed existing Internet protocols used in the IoT to arrive at security challenges and requirements. Their main conclusion was around the need for light-weight protocols to deal with the scale of the IoT and the nature of IoT things. While we agree with this conclusion, [156] does not offer any more in the way of IoT-specific security requirements, instead relying on the basic security properties of confidentiality, availability, integrity and authentication.
Several other proposals also outline the importance of IoT security and discuss various security requirements. For instance, Hossain et al. [157], and Park and Shin [158] listed IoT security requirements that include data integrity, information protection, anonymity, non-repudiation and data freshness (i.e., real-time data). Alqassem [140] discusses IoT security requirements from a heterogeneous network’s perspective; here the author focuses on secure and private connections and transactions.
Other contributions discuss IoT security requirements based on large-scale applications, specific to the technological consequences of the IoT. For instance, Schaumont [159], and Jaiswal and Gupta [160] discuss security issues aligned to IoT-enabled healthcare systems, and outline the challenges and security requirements. Along with the traditional security requirements of access control, authentication and authorization, the authors argue for the need for self-healing, trust, fault tolerance and light-weight key management protocols.
Many other existing approaches (e.g., [161,162,163,164]) pose authorization, authentication, confidentiality, access control, trust and identity management as the core security requirements for an IoT system. In addition to these requirements, a few studies (e.g., [165,166,167,168,169,170]) discuss other general security requirements, e.g., network security, application security, layer security, bootstrapping security, configuration, data integrity, firewalls, anti-virus and encryption functionality and secure routing. We consider these generic, as such requirements are necessary for most, if not all, application areas.
In Table 4, we summarize the potential security requirements for an IoT system that are discussed in the aforementioned proposals. The requirements highlighted in ‘red colour’ can be regarded as ‘standard’ security requirements.
8. Discussion and Lessons Learned
In this section, we summarize the lessons learned from the aforementioned analysis of requirements for IoT security. Most of the work discussed in Section 6 identified the necessity for IoT security requirements by addressing generic or standard security needs. These are the common requirements for providing security for any computing system, and obviously need to be addressed within the specific context of the IoT. In addition, there are other requirements specific to the IoT, as discussed in Section 7. Please note that not all requirements will apply in the same way in all aspects of an IoT system. We have also observed that threats and attacks can occur at multiple points within an IoT system, both in terms of components (the physical things that make up the system) and logically (at the various points of the system architecture).
We noted that the previous proposals identified various requirements for the provision of an IoT security architecture. For example, Isa et al. [144] and Babar et al. [151] mention physical attacks on devices. The issues of heterogeneity and scale of IoT systems are mentioned by several proposals (including [44,45,146,148,149]). Proposals such as Abomhara et al. [147] and Gluhak et al. [152] identify the need for light-weight security solutions for resource-constrained IoT devices, an issue also noted by Heer et al. [145]. The issue of centralized versus distributed approaches is considered by several authors (e.g., [30,45,145,146,147,171]). It can be seen that there are trade-offs involved in the question of centralized versus distributed approaches. On the one hand, too much decentralization risks a loss of control and vulnerabilities occurring in the independent components. On the other hand, too much centralization risks the creation of unscalable solutions. Several proposals discuss the scalability issue of the IoT in terms of the devices and users. However, few of them examine the scalability issue in terms of the differing needs of the services and applications that compose the system. While Li et al. [44] propose a layered security model for the IoT, the distribution of functions to layers appears inconsistent; for instance, user authentication is retained only at the service layer and not the application layer.
Based on the foregoing analysis, we have introduced a set of security requirements for an IoT security architecture. We observed that some of these requirements can be employed as individual requirements, whereas others relate to each other and can be grouped together to present a more manageable set of requirements. For instance, identity management, end-to-end security and decentralized management can each be seen as an individual requirement, whereas robustness/self-healing/reliability/real-time/data-freshness can be grouped together to present a manageable set of requirements. Once again, it is worth mentioning that the generic or standard security functionality will need to be provided throughout the architecture, potentially at different levels of granularity.
Recall that in Section 3 we illustrated the different layers of an IoT security architecture (shown in Figure 1) and outlined some common security issues for each layer. Here, we first briefly recall some notable security issues in each layer of the IoT security architecture in the light of our discussion presented in Section 5. Then we consider each layer of the architecture and show how our proposed requirements apply.
8.1. Security Requirements for the Device Sensing Layer
The common security issues in the device sensing layer are authentication, authorization, access control and identity management for the devices. Among others, physical attacks, device subversion attacks, device degradation and access to devices’ data are the major threats and attacks for this layer. Important security requirements in this layer are light-weight security solutions, support for composition/heterogeneity/interoperability and robustness/self-healing/reliability/real-time/data-freshness. Recall that the security design must be light-weight in order to be compatible with constrained IoT devices. Furthermore, given the constrained nature of IoT devices, security provision could be arranged in a decentralized way, placing it as close as possible to the devices themselves. Additionally, the design must support efficient identity management, allowing legitimate devices to access an authorized service while partially relying on the underlying infrastructure. Support for mobility/dynamic in this layer is crucial, as the devices can move from one location to another frequently within their life-cycle. The security proposals must also support scalability/incremental deployment, as devices can be dynamically added to the system at scale.
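As an added illustration (not code from the paper or from any of the surveyed proposals), the following Python sketch shows how three of the device sensing layer requirements above, light-weight device identity, data authentication and data freshness, can be checked at a gateway using a keyed hash and a freshness window; the device identifiers, keys and readings are constructed samples and the key store is hypothetical.

```python
import hmac
import hashlib
import json

# Constructed sample: per-device symmetric keys provisioned at enrolment
# (a hypothetical identity store, not part of the surveyed proposals).
DEVICE_KEYS = {
    "sensor-01": b"constructed-key-for-sensor-01",
}

FRESHNESS_WINDOW_S = 30  # a reading older (or newer) than this is rejected


def make_reading(device_id, key, seq, value, ts):
    """Device side: authenticate a reading with a keyed hash (HMAC-SHA256).

    Symmetric HMAC keeps the per-message cost low, which suits
    constrained devices better than per-message public-key signatures.
    """
    body = json.dumps({"id": device_id, "seq": seq, "ts": ts, "v": value},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_reading(msg, now, seen):
    """Gateway side: return (accepted, reason).

    `seen` maps device id -> highest sequence number accepted so far and is
    updated only when a reading passes every check.
    """
    try:
        fields = json.loads(msg["body"])
        device_id, seq, ts = fields["id"], fields["seq"], fields["ts"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    key = DEVICE_KEYS.get(device_id)
    if key is None:                                   # identity management
        return False, "unknown device"
    expected = hmac.new(key, msg["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg.get("tag", "")):
        return False, "bad tag"                       # data authentication
    if abs(now - ts) > FRESHNESS_WINDOW_S:            # data freshness
        return False, "stale"
    if seq <= seen.get(device_id, -1):                # replay of a fresh reading
        return False, "replayed"
    seen[device_id] = seq
    return True, "ok"
```

The sequence check catches a replayed reading that still falls inside the freshness window, which a timestamp alone would accept.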
8.2. Security Requirements for the Network Management Layer
Among others, issues such as routing attacks, active data attacks, passive data attacks, flooding, dynamic topology/infrastructure, cross-domain administration and multiple jurisdictions are the major pitfalls in this layer. The major security requirements for the network management layer are support for composition/heterogeneity/interoperability, light-weight security solutions for communications, scalability/incremental deployment in technologies and networks, the federation of administration domains and support for mobility/dynamic. The employed security mechanisms could be placed in heterogeneous network infrastructures, e.g., cloud or physical servers. These mechanisms must be scalable and must ensure communication security and prevent privacy leakage by protecting data integrity during the life-span of the network. The federation of administration domains must be considered for managing networks under different authorities and in multiple domains. In addition, the design needs to support mobility/dynamic in communications and routing within a certain network or between multiple networks.
8.3. Security Requirements for the Service Composition Layer
Notably, flooding, access to devices’ data, data confidentiality, cascading resources and interoperability are significant security issues in this layer. The major security requirements in this layer are robustness/self-healing/reliability/real-time/data-freshness, scalability/incremental deployment in the number of services, and composition/heterogeneity/interoperability in service management. These requirements would help to satisfy the common need for trustworthy data management, which must be capable of event processing, service division/integration, service decision, service monitoring, service configuration and performing various decision analytics according to the policy requirements and contextual information. Another essential requirement for this layer is support for decentralized service management. To support decentralized management, security provisioning could be placed locally (i.e., within the IoT devices) or in a decentralized data repository, depending on the system’s requirements. In addition, the design must support transiency/ephemeral interactions among the services without unnecessary overhead.
8.4. Security Requirements for the Application Layer
Threats and attacks such as cascading resources, interoperability and multiple jurisdictions are the major concerns in this layer. Significant security requirements for the application layer are robustness/self-healing/reliability/real-time/data-freshness in data presentation, composition/heterogeneity/interoperability in application maintenance, light-weight security solutions for access control and end-to-end security provisioning for the applications. Most existing applications come with distinct apps that contain service-specific functionality to provide essential smart services and communication interfaces directly to the end-users. However, these applications are more likely to be vulnerable to possible attacks. In addition, the design should scale with the number of applications, i.e., support an increasing number of applications without any degradation in QoS. The security design needs to support privacy (both data and location) when dealing with various applications that evolve and transform in response to threats.
8.5. Security Requirements for the User Interface Layer
Common security issues in the user interface layer include, among others, authorization, authentication, access control and identity management for the users. Importantly, trust, data confidentiality, behavioural threats and tracking, and location privacy are some of the major concerns in this layer. The major security requirements for the user interface layer are end-to-end security, support for mobility/dynamic, scalability/incremental deployment, composition/heterogeneity/interoperability and decentralized management. The security design employed in this layer must adopt encryption protocols to ensure end-to-end secure communication between the users. This security provisioning could be placed inside a user’s device or within some local operators controlling the devices through authorized remote maintenance, supporting decentralized service management. The security design also needs to support scale in the number of users within the system in order to offer efficient services. Nevertheless, it is also necessary to employ flexible identity management mechanisms to protect users’ privacy.
In Table 7, we outline some notable security requirements in different layers of the IoT security architecture that we illustrated in Figure 1.