Security Issues and Challenges in IoT

Dr. Kahkashan Tabassum Dr Ahmed Ibrahim Dr Sahar A. El_Rahman

Dept. of Computer Sciences, CCIS, Dept. of Computer Sciences, CCIS, Faculty of Engineering, Shoubra Benha
Princess Nourah Bint Abdulrahman Princess Nourah Bint Abdulrahman University, Cairo, Egypt
University, Riyadh, KSA. University, Riyadh, KSA. Princess Nourah Bint Abdulrahman
[email protected] [email protected] University, Riyadh, KSA.
0000-0001-7150-9830 [email protected]

Abstract—The Internet of Things (IoT) supports a wide range of considered to have a fantastic prospective that can fill the gap
applications including smart cities, traffic congestion, waste or barriers which existed within various technologies until
management, structural health, security, emergency services, recently.
logistics, retails, industrial control, and health care. IoT is mega-
technology that can establish connection with anything, anyone, II. BACKGROUND AND RELATED WORK
at any time, place, service on a platform and any network. It has
a great impact on the whole block chain of businesses, smart This section discusses the security issues and challenges
objects and devices, systems and services that are enabled by in IoT in various fields and the survey is organized as
heterogeneous network connectivity and is developed as a smart follows: First part of this section discusses general IoT
pervasive framework of smart devices. IoT devices are in use in security[1], which is followed by a survey[2] based on deeper
many fields, they connect to complex devices, interface with insight on the IoT data transfer in the form of Big data. The
hostile environments and are deployed on various uncontrolled next part is organized from [3][4][5] and deals with the
platforms, therefore faces many security issues and challenges. description about the challenges that are faced by IoT and Big
Since the IoT offers a potential platform for integrating any type
Data security, the final section presents the secure applications
of network and complex system it could encounter vulnerabilities
inherent to the individual systems which are available within the
of IoT business analytics and Health informatics. The survey
integrated network. This research paper is a study of the security in paper [6] expresses the IoT business collaboration, safety,
issues of the individual systems responsible for IoT and confidentiality, the researchers in [7] discuss about IoT
interconnection and their impact towards the integrated IoT business collaboration with financial perspective and
system. highlights its benefits. In [8] the researchers have illustrated a
real-life example about a specific industry and how the IoT
Keywords— Big Data Analytics, Network security, Device security, steps can be applied to a real-life scenario to secure it. In the
Internet of Things. modern age, it is of the utmost importance for any business to
incorporate some features for optimal operation. One of which
I. INTRODUCTION
is security, this links back to the huge size of data that is being
IoT devices are currently used in almost every area may it exchanged between devices. The current technology is striving
be industrial, educational, medical or business. IoT connects to advance towards development of deep learning analysis of
complex devices together, it can interface with a the security architecture and features of IoT. The research
heterogeneous set of environments deployed on various status of key technologies including encryption mechanism,
platforms. Since the IoT provide integration of many types of security layers, cryptographic algorithms are reviewed and
networks and complex systems, it is exposed to security discussed amongst these survey papers . All that was
challenges and issues that are already a part of the individual discussed in [1] has an effect on business in the modern age.
systems involved in its framework or available within its [2] explores the potential impact of large data challenges,
integrated network. This paper targets the real challenges for research efforts directed towards the analysis of IoT data, and
the clients from both the hardware (embedded server) and various tools associated with its analysis. It discusses some
software perspectives. Most of the connected devices that problems and challenges presented by big data, one of which
seem to be functional are at a risk due to reasons that they being the acquisition of knowledge from IoT data. The authors
may be hacked by hackers and the whole business may suffer discussed the relationship between Business Data
drawbacks. These issues explain how critical are the privacy Analytics(BDA) and IoT, examined various research topics,
and security to a system. The solution to these issues could be various opportunities generated by data analysis in the IoT
providing the customer with personalized devices that offer paradigm, challenges and tools used for BDA, and they
the system a high level of security through setting discussed the information security dimension of BDA. In the
personalized IDs, using MAC address security. public/private article, numerous types of analysis techniques were used. The
keys, digital signatures and certificates within the system. authors suggested the use of platforms to explore big data in
Unfortunately, there is no added cost for the system that numerous stages because Big Data platform has its own
chooses to offer security but instead the cost exists only for the individual approach. All types of devices communicate
system. IoT is the only technology in todays’ world which is together in numerous ways. They have to transfer enormous

978-1-5386-8125-1/19/$31.00 ©2019 IEEE

amounts of data between each other. This article [3] has to do and tested methods in the oil and gas industry with a
with Big Data delivery over the IoT. The purpose of this technological aspect. Which helps simplify most tasks and
article is to develop suitable algorithms for efficient increases efficiency, cutting costs and increasing output. IoT is
transmission of big data. The authors represented an a big way of facilitating tasks in these industries, in the sense
architecture system that will be an entire automated system of that IoT can be integrated into the infrastructure of these
sensor and body area networks that will be built into the industries. The article discusses IoT deployments and
appropriate topologies. protocols, which relates to IoT business analytics security. The
As mentioned previously there are many challenges in current article deals with a huge range of industries and cases
IoT security regarding business. This paper [4] debates some by implementing an equally huge number of devices and
of these challenges and talks about IoT business analytics network communication protocols. E.g. HTTPS, Access
security. The author’s research shows that almost all physical control, etc.
devices will be connected by an IoT by the year 2020. All
major businesses are vying for the IoT market. Amongst this III. PROPOSED APPROACH TO SECURE IOT
market is the IoT security market which will be one of the At first it may appear quite challenging to secure IoT but
most imperative markets in the IoT driven digital marketplace it can be achieved through planning at the beginning, since if
that the author’s research predicts. This article [5] aims to the security is considered in the initial stage it can solve
present mature research or work-in-progress results in all areas substantial IoT security issues. Generally, security is
focused on security in IoT architecture based on business implemented at organizational level after understanding and
processes and Business Analytics. It also discusses physical evaluating the overall risk related to the functionality of the
linkage in IoT between devices. The authors speak about how secure policies and standards. By evaluating the data security
IoT device linkage can have real life application, such as risks and the controls required to manage data with respect to
improving user experience. The article debates some problems the devices they operate on, as well as device security, any
organization can resolve IoT security issues maximum
that businesses might face from a security perspective when
possible extent. This strategy will simplify the implementation
dealing with IoT, for example, hacker interception. It shows
of any IoT framework and also provides the additional benefit
the way to avoid this by saying that IoT’s for collaborative to apply and integrate the existing proven security principles
business technologies must have a viable, efficient, and into the current technological environment. Thus this strategy
resilient security solution. Which help businesses believe in involves thorough understanding of deployed components,
the IoT as a solution of collaborative technologies. Businesses their restrictions and their implementation abilities. Therefore,
are aware of the financial and marketplace gain that IoT may every IoT device is based on a network stack mostly
incur, but they’re unsure of how to approach its consisting of wireless networking design and technology since
implementation. Article [6] proposes a method that businesses these IoT have their own operating systems(OS). The OS
might be able to use for implementing IoT into themselves. within the IoT devices could be locked down to secure them
The article hinges on partner collaboration and it shows how from any vulnerability due to attacks and threats which require
they might benefit from it. It also demonstrates how this regular monitoring of OS services or maintain proper
method has integrated the IoT framework strategy category, infrastructure security based on possible remedies. The
and its tactics. vulnerabilities due to insecurity leaves OS in a compromising
All businesses must care for the financial side of things, situation but protection can be achieved by constant vigilance
and this also applies to the IoT marketplace. This article [7] and organized maintenance programs or using a firewall.
argues about financial technology (FinTech) which employs However, to enable security using this strategy will be limited
technological advancements and sharing economy models to to a system with few devices otherwise it is required to
improve financing services. The article shows a proactive automate and synchronize in case of many devices which may
assist the system in avoiding human errors.
FinTech model that speaks of actual costs and potential
benefits in real time which they believe will offer attractive Since IoT devices rely on wireless technology based on
service value. FinTech is a fast-growing technology that has wireless Ethernet or Bluetooth for communications, these
been implemented by many businesses and IoT has the technologies can use critical updates and revisions of software
potential to be combined with it, which will mix these two to address prior vulnerabilities or use newer versions of
business powerhouses into a useful financial business tool. framework to quickly address the security threats. 1) The
The article acknowledges how this type of IoT implementation framework is dependent on the encryption techniques applied
might be an invasion into people’s privacy, it tries to outweigh between the communicating points to ensure end to end
this con by arguing that some people might be willing to forgo communication among the peers by using unique keys. 2)
the potential invasion into their privacy by stating that most Another layer of security includes any device attempting to
people will find that monetary benefit is more appealing than connect to the network depends on the enterprise preferences
for successful authentication process implementation. 3) The
maximum privacy. It specifically states that implementation of
third important layer consists of controlling and dividing
IoT will naturally invade people’s privacy, but there will be communication paths which is accomplished by grouping
benefits that will render the decrease in privacy acceptable. devices based on network types and functionality ( using
One example of businesses are the oil and gas industries. This Routers and Switches). Bluetooth firewalls and IP-based
article [8] discusses IoT business analytics security in this firewalls could be effective counter methods to implement
specific field. This same knowledge can be transferred over to cyber threats apart from controlling other devices on the
other fields of industry, which ultimately means the network. The next section IV discusses a suitable IoT
information can be applied to most businesses. The article framework based on three layers which could serve as a secure
expresses the economical trend of implementing already tried reference framework for IoT elements.
 IV. A SECURE IOT ARCHITECTURE
The IoT has a great potential, where its main aim is to
transform the way of performing different activities and
reform the living pattern of people in the recent world. Due to
this reason the IoT architecture differs based on type of
solution we intend to develop. IoT technology framework
mainly consists of four basic components( Sensors, Devices,
Gateways and Clouds). But there are several kinds of
challenges associated with IoT framework of devices and also
management of these devices. The focus of this paper is the
security issues and challenges from the IoT perspective which
in turn is based on internet security issues and security among
layers. A detailed discussion is provided below section. The
composition of IoT framework with respect to the three layers:
application layer, network layer and perception layer has to be
studied to understand the underlying issues and possible near
solutions to make the systems secure from the attacks (refer Fig. 2. IoT Security Challenges
Fig. 1) [11][12]. The major concerns in IoT development are
security and privacy issues as illustrated in [13]14]. The such as encryption where the most of this data is personal
security and privacy satisfaction requirements represent a [24][25],
primary role where the requirements implicate access control
through IoT networks, data confidentiality and authentication,
privacy[15][18] and trust between things and users, and the
reinforcement of privacy and security regulations (refer Fig.
2). The main requirements to secure IoT is to ensure that the
data is available for the authorized users at all times [19][20].
IoT has different applications with different economic impact
ranging from home to industry (Fig. 3) and it is remarkably
growing to allow the daily tasks to be a part of the global
network. As IoT grows, security challenges increase and the
approaches to secure the devices and the networks move
towards a greater autonomy in reacting to attacks and
perceiving threats, based on a systemic cognitive technique
[21]. Fig. 4 indicates the evolution of security requirements
[22]. Consequently, efficient security techniques are required
for embedded computing that are based on scarce resources,
applications and secure network protocols, such as Fig. 3. Impact of IoT in Industries
authentication techniques, credential and key management
[18][23]. Security plays an important role in IoT application whereas, the collection and usage of personal data is a privacy
development. Also, IoT applications gather enormous amount IoT challenge on its own. [26].
of data from a number of sensors (Fig. 5).

Fig. 1. IoT Architecture

So, this data needs to be protected by information security Fig. 4. Evolution of security requirements
algorithms
 Data collection a lot of devices that have a huge amount of data, it is
easy to retrieve the information from the nodes utilizing
Security and Privacy certain information retrieval mechanisms.
C. Application Layer Security issues
Services Semantics
This layer requires different security levels according to
the application requirements that make the securing
Resources IoT Objects application tasks complicated and hard. At this layer, the
security and privacy issues[12].
Fig. 5. Integration Requirements of IoT data
 Privacy: Personal privacy should be guaranteed for
A. Perception Layer Security issues each connection, where at times the methods that are
utilized to process and analyze the data may be weak
The main enabling technologies utilized in this layer are
Radio Frequency Identification (RFID), Wireless Sensor that can cause data loss and do huge damages to the
Network (WSN) and other types of identification and sensing system over a long period.
techniques. The most popular threat types privileged by this
layer are [11]:  Data Management: As the data collected in the system
is huge, its complexity grows that leads to a lot of
 Malicious Node: In this type of security threat, the resources being exhausted and complicated
malicious node is added to the existing system by the mechanisms for the data management and may also
antagonists over which they can disseminate malicious produce data loss.
data over the network, so as to infect the whole system.
 Node identification and Mutual authentication: For
 Node Capture: The nodes that exist in the network identifying the node to perform authentication different
gateway have a greater potential to be exposed that may degrees of access privileges are required in each
result in the important information leakage that risks the application and it is dependent on the number of users
entire network’s security. allowed by a specific application. This creates a serious
requirement for an effective Authentication scheme to
 Replay Attack: In the replay attack, the antagonist be implemented and utilized to prohibit any illegal
replays the previous messages to the destination node in access.
order to compromise the authentication scheme and
network trust.  Specific Vulnerabilities of Application: There exists
threats or vulnerabilities that can be used by the
 Distributed Denial of Service (DDoS) Attack: Denial of antagonists resulting in development of application
Service (DoS) DDoS attacks are the most popular and modules anonymous to the user.
easiest to conduct attacks through the networks. Where
they produce the unavailability of services and the V. CONCLUSION
exhaustion of network resources. Today it is estimated that over 23 billion IoT connected
devices exist worldwide and it is anticipated to rise and reach
B. Network and Transformation Layer Security issues 30 billion in near future within a year or two(by 2020)
The main threats in this layer are Network Intrusion, and more than 60 billion by 2025. This gigantic wave of new
Man-in-the-middle, eavesdropping, and DoS/DDoS. These IoT gadgets are cost affective. As the IoT connected devices
threats relate to integrity, confidentiality, and availability continues to escalate in the upcoming years, so will the
[15][25]. security threats for Data privacy and security associated with
these will rise. So, there is a tremendous need for
implementing security throughout the platforms being used to
 Issues of Scalability: IoT includes a huge number of
integrate IoT devices.
devices and sometimes large in size and these may
To summarize it is required to be thoughtful and make a
leave or enter the network many times, thus increasing
choice of IoT device based on the ability of security that can
the challenges such as network congestion, lack of
be provided by the device. To design a secure IoT framework,
authentication and authorization, a sharing
it is important to identify the limitation of IoT device, consider
environment, etc. It also consumes more resources.
the network infrastructure, the categories of vulnerabilities and
possibilities of organizational risks. It is required to build up a
 Heterogeneity: This makes the system vulnerable. The
strong network foundation to support IoT elements even
main reason the system suffers heterogeneity is the
though they grow fast in the environments (network), still the
involvement (and utilization) of various technologies
threats could be managed effectively and conveniently.
[27], network coordination and protocols security are
As a future work, our aim is to develop a real
difficult to preserve.
implementation of a secure IoT Framework and illustrate
 Data Revelation: The antagonist may be able to get how to address the IoT Security threats using wireless network
sensitive data from the network by utilizing social simulation and present the potential importance for
engineering mechanisms. Although the IoT network has supporting authenticated access to critical information.
 ACKNOWLEDGEMENTS 13. Ying-Cong Zhang, Jing Yu, “A study on the fire IOT development
strategy”, Procedia Engineering, Vol. 52, 2013, pp. 314-319.
We are thankful to the Head of Department of Computer
Sciences and the Research Unit of College of Computer and 14. Rishika Mehtaa , Jyoti Sahnib, Kavita Khannac, “Internet of Things:
Information Sciences, Princess Nourah Bint Abdulrahman Vision, Applications and Challenges”, International Conference on
Computational Intelligence and Data Science (ICCIDS 2018), Procedia
University for all the encouragement and support they have Computer Science, Vol. 132, 2018, pp. 1263-1269.
extended to carry out the research activities at the department
and college level. We would like to extend our sincere thanks 15. S. Sicari, A. Rizzardi, L.A. Grieco, A. Coen-Porisini, “Security, privacy
for the research awareness and motivation they have and trust in Internet of Things: The road ahead”, Computer Networks
Journal, Vol. 76, 2015, pp. 146–164.
developed for women empowerment. I also extend my sincere
gratitude towards their constant cooperation and guidance to 16. Mardiana binti, Mohamad Noor, Wan Haslina Hassan, “ Current
get the required resources and information for the research. research on Internet of Things (IoT) security: A survey”, Computer
Networks Journal, in press, Dec 2018.
REFERENCES https://doi.org/10.1016/j.comnet.2018.11.025
1. Hui Suo , Jiafu Wan , Caifeng Zou , Jianqi Liu, “Security in the Internet
17. Kazi Masum Sadique, Rahim Rahmani, Paul Johannesson, “Towards
of Things: A Review”, International Conference on Computer Science
Security on Internet of Things: Applications and Challenges in
and Electronics Engineering, IEEE Xplore Digital Library, 2012. Technology”, The 9th International Conference on Emerging Ubiquitous
Systems and Pervasive Networks (EUSPN 2018), Procedia Computer
2. Fabián Constante Nicolalde, Fernando Silva, Boris Herrera, Science, Vol. 141, 2018, pp. 199–206.
António Pereira, “Big Data Analytics in IOT: Challenges, Open
Research Issues and Tools”, World Conference on Information Systems 18. Mahmoud Ammar, Giovanni Russello, Bruno Crispo, “Internet of
and Technologies, Trends and Advances in Information Systems and Things: A survey on the security of IoT frameworks”, Journal of
Technologies, 2018, Part of book pp 775-788. Information Security and Applications, Vol. 38, 2018, pp. 8–27.

3. Andreas P. Plageras , Kostas E. Psannis, “Algorithms for Big Data 19. Kevin Ashton, “Internet of Things”, RFiD Journal, 2009.
Delivery over the Internet of Things”, IEEE 19th Conference on
Business Informatics (CBI), IEEE Xplore Digital Library, 2017. 20. Huansheng Ning ; Ziou Wang, “Future Internet of Things Architecture:
Like Mankind Neural System or Social Organization Framework?”,
4. Sachchidanand Singh , Nirmala Singh, “Internet of Things (IoT): IEEE Communications Letters, Vol. 15 , No. 4 , 2011, pp. 461–463.
Security challenges, business opportunities & reference architecture for
E-commerce”, International Conference on Green Computing and 21. Hugh Boyes, Bil Hallaq, Joe Cunningham, Tim Watson, “The industrial
Internet of Things (ICGCIoT), IEEE Xplore Digital Library, 2015. internet of things (IIoT): An analysis framework”, Computers in
Industry Jornal, Vol. 101, 2018, pp. 1–12.
5. Layth Sliman , Hachemi Nabil Dellys, “Security, Safety and 22. Arbia Riahi Sfar, Enrico Natalizio, Yacine Challal, Zied Chtourou, “A
Confidentiality in IoT for Collaborative Business Technologies (SSCIoT roadmap for security challenges in the Internet of Things “, Digital
Track of WETICE 2018)”, IEEE 27th International Conference on Communications and Networks, Vol. 4, 2018, pp. 118–137.
Enabling Technologies: Infrastructure for Collaborative Enterprises
(WETICE), IEEE Xplore Digital Library, 2018. 23. Luigi Atzori, Antonio Iera, Giacomo Morabitoc, “The Internet of
Things: A survey”, Computer Networks Journal, Vol. 54, No. 15, 2010,
6. Hwaiyu Geng, “IoT Business Models”, Internet of Things and Data pp. 2787-2805.
Analytics Handbook, IEEE Xplore Digital Library, 2017.
24. Ira S. Rubinstein, “Big Data: The End of Privacy or a New Beginning?”
7. Zahraa Marafie , Kwei-Jay Lin , Yanlong Zhai , Jing Li, “ProActive International Data Privacy Law, Vol. 3, No. 2, 2013, pp. 74–87.
Fintech: Using Intelligent IoT to Deliver Positive InsurTech Feedback”,
25. Christos Stergioua, Kostas E. Psannisa, Brij B. Guptab, Yutaka
IEEE 20th Conference on Business Informatics (CBI), IEEE Xplore
Ishibashic, “Security, privacy & efficiency of sustainable Cloud
Digital Library, 2018.
Computing for Big Data and IoT”, Sustainable Computing: Informatics
and Systems, Vol. 19, 2018, pp. 174–184.
8. Cristian TOMA, Marius POPA, “IoT Security Approaches in Oil & Gas
Solution Industry 4.0”, Informatica Economica Academic Journal, vol. 26. Xavier Caron, Rachelle Bosua, Sean B. Maynard, Atif Ahmad, “The
22, no. 3/2018. Internet of Things (IoT) and its impact on individual privacy: An
Australian perspective”, Computer Law & Security Review Journal,
Vol. 32, 2016, pp. 4–15.
9. Aakanksha Tewari, B.B. Gupta, “Security, privacy and trust of different
layers in Internet of Things (IoTs) framework”, Future Generation 27. Dr. Kahkashan Tabassum, Dr. A. Damodaram and S.V.S. Rama
Computer Systems, May 2018. Available [Online] Krishnam Raju, “An Energy-Efficient New Hierarchical Stable Election
https://doi.org/10.1016/j.future.2018.04.027 Protocol for Wireless Sensor Networks”, Proceedings of 2nd
International Conference on Recent Advances in Design, Development
10. Jianwei Hou, Leilei Qu, Wenchang Shi, “A survey on internet of things and Control of Micro-Air-Vehicles IC-RA-MAV-2013.
security from data perspectives”, Computer Networks Journal, in press,
Dec 2018. https://doi.org/10.1016/j.comnet.2018.11.026

11. Miao Wu, Ting-Jie Lu, Fei-Yang Ling, Jing Sun, Hui-Ying Du,
“Research on the architecture of Internet of Things”, in: Proceeding of
2010 3rd International Conference on Advanced Computer Theory and
Engineering(ICACTE), 2010, pp. 484-487.

12. Zhihong Yang, Yingzhao Yue, Yu Yang, Yufeng Peng, Xiaobo Wang,
Wenji Liu, “Study and application on the architecture and key
technologies for IoT”, in Proceeding of 2011 International Conference
on Multimedia Technology ( ICMT), 2011, pp. 747-751.