Internet of Things Security: A Survey and

Taxonomy
Maria Gulzar, Ghulam Abbas
Faculty of Computer Sciences and Egineering,
GIK Institute of Engineering Sciences and Technology,
Topi 23640, Pakistan.
{u2016212; abbasg}@giki.edu.pk

Abstract—The Internet of Things (IoT) regulates millions of customer facing and strategizes increased productivity both
terabytes of data for everyday commercial, industrial, in terms of economy and the environment [8]. Cisco predicts
technical and personal usage. Considered as the greatest a total of 50 billion connected things and 200 billion
technological revolution, all IoT-based transformations are intermittent subsystems by 2020. Gartner believes IoT has
now occurring to increase productivity and create a the potential to generate a total revenue of EUR 714 billion
coordinated world across business and technologies. However, [4, 5], while Mckinsey predicts IoT’s influence to range up
the exchange, storage, processing and transfer of tremendous to $6.2 trillion by 2025, considering its impact upon
amounts of sensitive information has also given rise to severe enterprise, infrastructure, tech industry and ‘smart’ devices
security and privacy concerns that compromise the efficiency
[5]. IoT’s innovative hyper-operability cycle has pushed
and usability of IoT. It has become a challenge for users to
organizations to shift to its services in order to survive in
depend on such a vulnerable technology, where the IoT
security risks outweigh its benefits. Several defense techniques, today’s competitive market. IoT encompasses the world of
algorithms and solution models have been proposed and information technology and every single entity that is a party
implemented to counter these attacks. However, there are to it.
limitations involved as robust incursions make these solutions However, with a universal use of a pervasive network
obsolete. It is vital to have an overview of the research done like IoT, the risks have grown exponentially with the
and find loopholes to fill in the security gaps to ensure a safe
opportunities. In such intensive, fast-paced and ubiquitous
IoT ecosystem. Realizing the need of enhanced problem-solving
socio-technical environments, there have been many
strategies, this paper provides a systematic review of the
existing strategies for IoT security and privacy, and provides
incidents where security and privacy of IoT and its users
an analytical approach in identifying the concerns and have been compromised, resulting in the leakage of sensitive
solutions. It discusses IoT architecture, classifies the various information and hacker intrusions. Having differently
domains of security and privacy and presents a taxonomy and characterized software and hardware with varying memory
a comparative analysis to outline the security goals, threats and size, bandwidth and processing power [5], it is inefficient to
attacks, and solutions proposed in recent years (2015-2018). have one synchronous system to ensure a secure IoT
Our research methodology comprises of thorough qualitative network. What we need is end-to-end data protection [9]
analyses and a literature review to help evaluate the questions throughout the IoT architecture and application terminals [8].
asked in this survey. We also highlight the limitations of the According to [8], a model’s principal security is not robust
previous studies and the open issues. Our survey results focus until its lowest level of defense is comprehensive. It has
on the problems that require further attention to improve the become vital for IoT to have revised security mechanisms in
IoT progression. order to sustain itself in this fast-moving world and provide
reliable products and service to all its users.
Keywords—Internet of Things, architecture, security, privacy
This paper is a systematic timeline assessment of security
I. INTRODUCTION advancements in IoT. We present a state-of-the-art
classification of the IoT security into various domains like
The Internet of Things (IoT) is a state-of-the-art privacy, authorization, confidentiality, integrity, data
technology that aims to connect people to people (P2P), availability and authentication, followed by brief overview of
people to machine (P2M) and machine to machine (M2M) IoT architecture. A survey and comparative analysis has been
through an all-connected, heterogeneous platform for devices conducted to review the IoT security issues encountered,
and systems [1]. What initiated as a mere futuristic theory by challenges already addressed, existing solution models and
Kevin Ashton in 1999 [2], IoT has now become a finally the limitations aroused. We have also devised and
phenomenon that has raised questions for improvement even proposed a taxonomy of the IoT structure in terms of
in Moore’s and Metcalfe’s laws, and has enabled devices, architecture, technologies, security domains and concerns.
people and technologies to interact with each other and
regulate millions of terabytes of data for everyday The remainder of the paper is organized as follows. IoT
commercial, industrial, technical and personal usage [3]. IoT security classification is presented in Section II, followed by
has transformed every domain of our lives through IoT architecture in Section III. We then present our proposed
healthcare (recording patients and surgical records [6]), taxonomy of the IoT structure in terms of technologies,
transportation (routing optimization, connected roads and security domains and architecture in Section IV. Finally, in
traffic monitoring [7]), personal and social usage (smart Section IV, a thorough comparative analysis of research
home appliances, autonomous vehicles [8]), agriculture from 2015 till 2018 has been conducted to review the
(animal identification [2]), and lastly environment (building security threats, solutions proposed and implemented along
‘smart’, energy efficient cities and infrastructure). IoT has with any limitations highlighted. Section V presents open
been the most influential in the enterprise industry as it issues and future trends and Section VI concludes the paper.
manipulates goods trafficking, maximizes efficiency in

XXX-X-XXXX-XXXX-X/XX/$XX.00 ©20XX IEEE

 TABLE I. IOT SECURITY CLASSIFICATION

Classification Implication Paper

Privacy Data is protected from attacker intrusion and non-integratable at any architectural level for extraction [12]
Authentication Securing accessibility to resources and validating identification of those who are authorized to access it [1]
Confidentiality The network expected to know where to and from the data is being sent [5]
Integrity Accurate, authentic, timely and complete information, reliability on the security of the data [4]
Availability Data is present in its complete, accurate form at the right location and time [12]
Authorization Only those channels that are allowed to access the information are able to receive, process or transmit it [13]

Wherever the IoT ecosystem is addressed, its security is

II. IOT SECURITY CLASSIFICATION the primary concern for the users. However, when we talk
The addressing issue at hand is the lack of immunization about security, there is a need for a deeper understanding of
from security breaches and privacy threats that poses a its different domains. As discussed in Table 1, privacy is an
question on the reliability of IoT technology, where user data important aspect of security, which protects user data from
is retrieved on such a tremendous amount. [10]. Investment any sort of hacker intrusion and enables all architectural
in IoT based transformations is considered a risk as three levels of IoT to be non-integratable for data extraction or
most important tasks-knowing who is collecting data, theft [12]. Authentication in IoT terms refers to ensuring that
monitoring how it is being collected and the time and data is accessible only to those entities or resources that have
location of collection may be unsafe. A survey conducted by been authorized [1]. This emphasizes on the need of
HP reveals almost 70% of all IoT devices to be prone to validating identification of all personnel through streamlined
privacy threats [11]. The test also proves how every IoT automated processes. Confidentiality, integrity and data
device is responsible for at least one piece of personal availability, more commonly known as CIA, expects the IoT
information collection [11]. Hence, the implication that every network to secure and identify the sources and sinks of all
IoT path must be secure and the information to be authentic, data [9]. Integrity and availability specifically determines the
complete and timely ensures the integrity and confidentiality processing of accurate, authentic, timely and complete
of user data and Quality of Service (QoS). The information information [4, 12]. Lastly, authorization allows only the
collected needs authentication together with specific authentic channels to receive, process or transmit data [13].
authorization to a party or person to be able to access that
data only. III. TAXONOMY OF IOT ARCHITECTURE & SECURITY
With real-time, fast-paced and large-scale networking IoT architecture revolves around four ‘supporting’
and data analysis, failure to have a single, prevalent jurisdictions, namely, hardware, software, network and
elementary security system for all heterogeneous IoT devices people. It represents a hierarchical structure, with each
has now resulted in major security challenges to overcome. domain further divided into three layers- information,
In October 2016, a malware Mirai that was able to launch connectivity and application [17]. The information layer,
DoS attacks was detected to have generated tens of millions comprising of a combination of software and hardware, deals
of IP addresses in Dyn, a US-based DNS server [14]. With with data collection, extraction and perception. It is mainly
over a 100,000 corrupted devices, important U.S. sites like functional due to the hardware set-up such as various sensors
Twitter and Netflix faced tremendous traffic blockage [6]. and actuators along with the infrastructure installed for
Similarly, in 2010, the Stuxnet Trojan horse worm was able computational processes. Surveillance cameras (with night
to breach the process control systems installed in nuclear vision) [16], Radio-frequency identification tags (RFID),
power stations and gain access to transactional and personal Near Field Communication (NFC) [8], Wireless Sensor
information, showcasing the perfect example of security and Networks (WSNs) [5] and smart devices such as cellular
privacy vulnerabilities in IoT [2]. To prevent such issues in phones all serve as performance modules. According to [17],
the future, IoT requires enhanced infrastructural protocols, RFID tags use radio waves to perceive and record user data
interface and inter-device operability and interaction to build to be used in remote sensing, patient authorization and
end-to-end encrypted terminals and improved autonomous inventory management for retail corporations like Walmart
services [8]. As per the Truste Internet of Things Privacy [11]. Similarly, WSNs are automated programmed devices
Index conducted in the UK, only 18% of the respondents mainly involved in data processing like identifying location,
were open to the idea of preferring IoT benefits over its recording temperature and tracking maintenance trends.
security issues [15].
The second layer is the ‘connectivity layer’, made of
Security in the digital world needs to gain trust of IoT software and networking platforms, which mainly transmits
users, for which transfer of authentic data, communication data from the information layer from one terminal to the next
between only the concerned parties and privacy of both the after storage, real-time processing and applying intelligent
user and the information must be ensured. As technology and databases like cloud computing (IaaS, Paas or SaaS) and big
time has progressed, focus on having trust management data analytics. Information transmission is done wirelessly
systems and safe infrastructures in the IoT architecture has over WiFi, Bluetooth, infrared or ZigBee etc. [17] The
been emphasized. This paper classifies security into its softwares are responsible for formulating and evaluating
various domains for better grasp of the sections ahead, along location (through GPRS), acceleration, humidity and
with the comparative analysis. temperature levels for documentation to be sent after seeking
assistance from information and management systems.

2
Fig. 1. Proposed taxonomy of IoT security

Lastly, the application layer (combined with the specific resource unavailable to the authorized user through
middleware layer), where almost 75% of all attacks occur [3] unnecessary data traffic [1].
and a mixture of connectivity and people, is the one that
provides all these features as services to the people to fulfill The application layer comprises of authorization and QoS as
their socio-technical and industrial requirements, including its security goals. This structure can be prone to spear-
service management techniques from large-scale enterprises phishing, sniffing and DoS attacks. Spear-Phishing attack
to local businesses in development of better marketing and causes an authentic user to open emails that can allow
connectivity tools and customer-customization abilities. Our sensitive information to be leaked to the intruder [1].
proposed taxonomy is presented in Fig. 1 that outlines the Sniffing can corrupt an entire network by polluting the
complete structure of the IoT architecture from its layers and application through sniffers [1].
levels to its various technologies and security goals, followed
by the security threats at each level. IV. REVIEW OF EXISTING SECURITY APPROACHES
It is important to note that the security classifications This section discusses the eminent existing IoT security
addressed in Table 1 are categorized into a combination of solution models, frameworks and techniques to meet the
the IoT architectural and technological layers. At the security goals discussed in the previous section and provide
information layer, without respecting the need for user and immunization from malicious attacks and enhanced
data privacy and authorization, the IoT network can face networking operability. Our survey comprises of 8 different
security concerns such as jamming, eavesdropping and research papers from 2015-2018 to assess IoT progression
spoofing. All these attacks either block the signal from over the years, along with any limitations that have been
transmitting/receiving, can cause looping and allow found in these solutions.
unauthorized intruders to catch the data or generate false Cirani et al. [19] seeing privacy, trust and (CIA)
error messages that can alter the routing targets [24]. Confidentiality, Integrity and Availability as the main
CIA has been identified as the main security goals of the security goals, proposed an OAuth security framework on
connectivity layer that can protect the IoT ecosystem from top of the transport layer that could provide outsourced
Sybil, Sinkhole and Denial-of-Service (DoS) attacks. Sybil authorization and immunization to Smart Objects from any
attacks can occur by creating multiple nodes through a single externalities. Their model was based upon the REST
identity that can steal information thorugh fake usability. (Representational State Transfer) web architecture and
According to the 2012 statistics, 76 million users on involved the integration of OAS with HTTPS/CoAP based
Facebook and 20 million users on Twitter were identified as API services to make the final product called the IoT-OAS.
masked Sybil identities [24]. Sinkhole, termed as the most This could potentially aid in dynamic configurability and a
disruptive attack, attracts unnecessary traffic to a single sink detailed energy consumption evaluation through PowerTrace
by falsifying the shortest routing information to all other that would enable the Smart devices to focus on their logical
transmitter nodes [25]. Finally, DoS attacks make the functionalities rather than security protocols, especially in

3
resource constrained environments. This model is not solution, SDIoT, where the whole network was divided into
considered as a security solution, rather a way to build an three layers (hardware, middleware/control and application
authorization layer to manage the IoT service providers. or DaaS). The data could be packaged relative to their IP
addresses and sent in an organized form to their operations.
However, the limitations of this framework were ASDSec-C would then coordinate with the Authentication
complications on the client and user end in terms of Database to point out any vulnerabilities through flag
permission access and computational-heavy processing that outputs. Finally routing algorithm were deployed to ensure
resulted in increased energy consumption under the OAuth secure path designation.
implementation in devices. Another problem was the
inability of the Smart Objects to tackle the DoS attacks in Fernandes et al. [21] in 2016 devised a paper that
cases of large traffic where IoT-OAS was configured. addressed the main security issues as not the authorization
protocols, but privacy violation and data leakage through app
Another paper of 2015 [20], authored by Jararweh et al. functionalities after they had been granted access to sensitive
addressed various solutions proposed previously and information. They introduced FlowFence, a system that
concluded how no prior research had been presented to solve enables specified flow patterns between authorized sources
the issue of security in IoT using SDNs (Software Defined and sinks, to make sure data theft in smartphones and devices
Networks). The authors introduced a system architecture
does not occur. The model used was Opacified Computation

with sandboxes, tags and taint labels through which apps more efficiently had block chain been deployed in the US
could only acquire access to data through functions they DNS server. One limitation we found was the one point of
process with an integration of trusted APIs. Three IoT failure that could occur when a clock would be required for
frameworks were tested upon for inclusion of FlowFence: time stamping.
Samsung SmartHome, Google Fit and Android Sensor APIs
using the hub platform instead of Cloud, due to its reliability This paper, authored by Folly [3] focused on introducing
and widespread usability. This architecture measured a semantic analysis using a graph theoretic approach that
security, operability and E2E latency and highlighted a included the usage of data mining and machine learning
thorough mechanism to ensure data safety in app usage. techniques. It discussed the need to eliminate excessive
human interference and non-cooperative methods involved in
However, as addressed by the paper as well, there were a traffic blockage. In their model, they proposed using graph
few limitations in this model like Overtainting and Flow theory in a centralized solution to first deploy 100-1000 IoT
Prompts that could be accessed and manipulated by all users devices to gather data and then launch random threats and
without administrators that would delegate access grants attacks into them. Their graph model would then be able to
instead. analyze and asses threat detection techniques to predict
anomalies in real-time. However, a major limitation in this
In 2016, Rahman et al. [16] introduced a complete model was that there was no candidate to have this
security framework conversion to a secure IoT Cloud experiment testes and thus the credibility of this paper was
ecosystem. Secure web interface, security configuration and somewhat questionable.
physical device protection were added to the already existing
security goals. It focused on providing transmission Stergiou et al. [23] in 2018 authored a paper that also
encryption, physical security of devices in highlighted the possibility of a decentralized public ledger
telecommunication towers and adequate security through Block-chain that could ensure immunization during
configurability to the networks for autonomous online financials, transactions and businesses through
modifications of protocols. cryptographic hashing, digital signatures and permanent
storage of data records. This would eliminate any possibility
Although the paper did not classify security threats, their of data manipulation and ensure data integrity,
model addressed methods like data encapsulation and authentication, privacy and transparency without a
encryption from eavesdropping and secure storage. An active centralized authorization, instead a consensus algorithm
Base Station would also help host coded Sensor nodes for based on proof-of-work and mutual trust. This model could
encrypted communication through private M2M gateways. A have impactful results concerning IoV (Internet of Vehicles),
Secure Software Development Life Cycle (SSDLC) IoMT (Internet of Medical Things) and IoHT (Internet of
inclusion for efficient and protected cloud computing would Health Things). However, this trending technology still has
ensure a successful conversion to IoT Cloud ecosystem as a wide array of unknown applications that may exceed the
well. However, frequent assessment checks of big data and scope of user operability and cause inappropriate resource
networks were necessary to ensure safety from new threats allocation. Hence, further research and exploration into this
and quality security. model is required.
By 2017, the paper by Kshetri [15] identifies the By the end of 2018, a common increase in the shift from
dependency on Cloud platforms as a huge vulnerability due Cloud platforms has been seen by Sarker et al. [22].
to its centralized data transmission and processing. It Addressing the problems of extensive reliance of IoT on
introduces the use of Block chain as an effective technology Cloud Computing networks, huge amounts of GHGs
using decentralization and Access Management Systems for (Greenhouse gases) like CO2 emissions from Cloud Data
the protection of digital rights as data would be accessed Centers, this paper proposed a Fog Computing prototype,
only by the parties involved in the transaction. Private block based on Edge Computing, that can act as a substitute of the
chains with stored cryptographic hashes would also allow Cloud in low-latency and real-time applications. This would
permanent records of device configurations that would only
ensure QoS, tenant privacy, fault-tolerance and prevention of
allow data transfer after authorization from the message’s data blockage due to high traffic. They introduce the
originator. This paper claims to have handled the Dyn crisis

4
deployment of computational processing and data storage V. OPEN ISSUES AND DESIGN GUIDELINES
capabilities through TNs (terminal nodes) forming (VCs) Although the past decade has proven to be the focus on
Virtual Clusters to create (EPVN) Egde Private Virtual IoT progression, as of 2018, each IoT device on average still
Networks at all architectural levels to avoid core Cloud has 25 loopholes that can cause data leakage and other
frameworks dependency. With FIs (Fog Instances), decisions vulnerabilities. As these devices increase in number, all
to redirect data requests to the Cloud can be processed. DCNs encounter a heavy network traffic that can disrupt
However a few limitations were observed and also talked QoS and cause service latency in all real-time applications.
about in this paper. Firstly, for heavy processing and large Attacks such as Denial-of-Service, malicious, Sybil and
amounts of semi- or permanent data storage, FC would be Sinkhole are only some of the many threats that still need
inefficient and thus a redirection to the core Clod platform better detection and handling techniques to create a secure
will be required as this model does not serve as the Cloud heterogeneous IoT ecosystem. Our analysis shows that the
replacement. Also, where data analytics is required, a preference of using Blockchain methods instead of
collection from distributed DCs to the core DC is required centralized cloud solutions might be commonly agreed upon
through GIS techniques which can be time consuming. in the future due to a safer approach towards data security
threats.
A methodological approach of highlighting the security
goals, attacks, security models and limitations has been
adopted, as summarized in Table II.

TABLE II. IOT SECUIRTY SURVEY SUMMARIZED

Paper/Year Security goals Security intrusion Security model Limitation

Privacy, trust, CIA, DoS attacks in traffic
Authorization, handling,
Cirani et al. dynamic IoT-OAS: OAuth based REST web Computational heavy
Third party
[19]/2015 configurability, architecture to provide authorization processing,
intervention
Out-sourced facilities Human interaction on both
authorization Service Provider and user
functionalities end required
SDIoT: An SDN system
Accelerated 1.physical layer: SN clustering message More efficiency and
Jararweh et facilitation of transmissionwith zero data handling management oriented,
Authentication,
al. operations and interference Needs an experimental
secure data storage
[20]/2015 security 2.middleware: SDN controllers for setup to test IoT
management consistency through APIs technologies
3.DaaS: application layer

1.Info: OSS, Sensor nodes incorporation Only theoretical ‘Secure

CIA,Efficient, Insecure network
Rahman et 2.Connectivity: data encapsulation, IoT sensor to cloud
undependable devices, physical
al. encryption, SSDLC network’ without any
heterogeneous security, safety
[16]/2016 3.App.: Big Data management, Predictive model implementation
networking, configurability
Analysis procedure

Fernandes E2E latency and Over-tainting,

operability and Privacy violation, FlowFence: Opacified Computation for data
et al. Flow Prompts accessibility
confidentiality from data leakage safety in app usage
[21]/2016 by all users
apps

High-speed traffic Graph-theoretic approach: centralization No available applicant for

Folly Threat detection,
and attacks on model for anomaly detection and data experiment, approach not
[3]/2017 data classification
application layer collection tested

Privacy, Data manipulation

authorization, data due to centralization Block-chain: Access Management Systems
Kshetri Single point of failure in
decentralization, of IoT data including cryptographic hashes in
[15]/2017 clock during time stamping
permanent data processing through transactions
storage Cloud platforms

Inefficient in heavy
QoS, tenant Data blockage due computational processing,
Sarkar et al. Fog-computing: edge-computing to
privacy, fault to high traffic, core time consuming in
[22]/2018 substitute for Cloud dependency
tolerance Cloud dependency redirection to the DC core
during data analytics
Extensive research required
Stergiou et Integrity, privacy, Data manipulation, Block-chain: Decentralized public ledger to analyze cope of this
al. transparency, inappropriate with cryptography hashing, digital signatures technology and efficient
[23]/2018 authentication resource allocation and consensus algorithms usability

5
 A control set-up for physical devices configuration with [4] K. Karimi and G. Atkinson, “What the Internet of Things (IoT) Needs
trace-back methods can track any traffic or attacks while to Become a Reality,” p. 16.
respecting both anonymity and authorization access. After [5] H. Wang, Z. Zhang, and T. Taleb, “Editorial: Special Issue on
Security and Privacy of IoT,” World Wide Web, vol. 21, no. 1, pp. 1–
thorough research, it is imperative to devise a technique that 6, Jan. 2018.
not only has an E2E security checks at all architectural levels [6] C. Hu, J. Zhang, and Q. Wen, “An identity-based personal location
but also autonomous, tamper-proof environments that system with protected privacy in IOT,” pp. 192–195, Oct. 2011.
include fault-tolerant networks to detect and handle new [7] S. Kraijak and P. Tuwanut, “A survey on IoT architectures, protocols,
attacks as well. A call to action is necessary on part of larger applications, security, privacy, real-world implementation and future
organizations that deal with these kinds of issues on a daily trends”, In Proc. IEEE WiCoM 2015, 21-5 Sep., Shanghai, China
basis; Apple and Microsoft have launched initiatives to [8] A. Riahi Sfar, E. Natalizio, Y. Challal, and Z. Chtourou, “A roadmap
introduce cryptography and emailing privacy for its users, for security challenges in the Internet of Things,” Digital
which will gain trust of the people and aid in IoT Communications and Networks, vol. 4, no. 2, pp. 118–137, Apr.
2018.
advancements. In this section, some future points for
[9] M. U. Farooq, M. Waseem, A. Khairi, and S. Mazhar, “A Critical
consideration are: Analysis on the Security Concerns of Internet of Things (IoT),”
International Journal of Computer Applications, vol. 111, no. 7, pp.
• The development of zero-human interference 1–6, Feb. 2015.
methods that can streamline the security processes of
[10] D. Prince, “Cybersecurity: The Security and Protection Challenges of
authorization and authentication. Our Digital World,” Computer, vol. 51, no. 4, pp. 16–19, Apr. 2018.
• Supporting technologies and solutions that aid the [11] E. Bertino and N. Islam, “Botnets and internet of things security,”
Computer, no. 2, pp. 76–79, 2017.
IoT vision through user-friendly, more secure and
[12] T. Xu, J. B. Wendt, and M. Potkonjak, “Security of IoT Systems:
economical services provided for the users. Design Challenges and Opportunities,” in Proceedings of the 2014
IEEE/ACM International Conference on Computer-Aided Design,
• Tackling not just the issue of security, but also Piscataway, NJ, USA, 2014, pp. 417–423.
keeping in mind the environmental threats, costs per
[13] M. Abomhara and G. M. Koien, “Security and privacy in the Internet
user, ease of scalability and service latency in IoT of Things: Current status and open issues,”, in Proc. IEEE PRISMS
networks. 2014, 11-14 May, Aalborg, Denmark, pp. 1–8.
[14] S. A. Kumar, T. Vealey, and H. Srivastava, “Security in Internet of
VI. CONCLUSION Things: Challenges, Solutions and Future Directions,” in Proc. IEEE
HICSS 2016, 5-6 Jan., HI, USA, pp. 5772–5781.
In this paper, we have discussed IoT architecture, [15] N. Kshetri, “Can Blockchain Strengthen the Internet of Things?,” IT
security and its extended classifications along with a survey Professional, vol. 19, no. 4, pp. 68–72, 2017.
that highlights research conducted from 2015-2018 on the [16] A. F. A. Rahman, M. Daud, and M. Z. Mohamad, “Securing Sensor to
security goals, issues and solution models proposed and Cloud Ecosystem Using Internet of Things (IoT) Security
implemented. Finally, any limitations found were also Framework,” in Proc. International Conference on Internet of Things
and Cloud Computing, NY, USA, pp. 1-5.
analyzed along with open issues and future trends. It is true
[17] O. Said and M. Masud, “Towards Internet of Things: Survey and
that sound security solutions are not attained easily but a Future Vision,” International Journal of Computer Networks, vol. 5,
thorough analysis of security threats from design level to no. 1, pp. 1-17, 2013.
implementation to create a safe IoT architecture in [18] I. Lee and K. Lee, “The Internet of Things (IoT): Applications,
accordance with the pre-existing security framework can investments, and challenges for enterprises,” Business Horizons, vol.
help make IoT the most trusted technology yet. 58, no. 4, pp. 431–440, Jul. 2015.
[19] S. Cirani, M. Picone, P. Gonizzi, L. Veltri, and G. Ferrari, “IOT-
Future models should not only tackle the issues of data OAS: An oauth-based authorization service architecture for secure
security and privacy in IoT frameworks but also high power- services in IoT scenarios,” IEEE Sensors Journal, vol. 15, no. 2, pp.
consumption, service latency, data decentralization and huge 1224–1234, 2015.
financial expenditures. Many have now targeted increased [20] Y. Jararweh, M. Al-Ayyoub, E. Benkhelifa, M. Vouk, and A. Rindos,
emission of greenhouse gases (GHGs) through DCs and “SDIoT: a software defined based internet of things framework,”
Journal of Ambient Intelligence and Humanized Computing, vol. 6,
pressed the need to plan smarter solutions covering all these no. 4, pp. 453–461, 2015.
areas for a progressive IoT future. Deployment of secure,
[21] E. Fernandes, J. Paupore, A. Rahmati, D. Simionato, M. Conti, and A.
cost-effective and energy aware embedded systems from Prakash, “FlowFence: Practical Data Protection for Emerging IoT
home appliances to businesses and organizations have Application Frameworks.,” in USENIX Security Symposium, 2016,
become not just a technical issue but a social need in this day pp. 531–548.
and age. [22] S. Sarkar, S. Chatterjee, and S. Misra, “Assessment of the Suitability
of Fog Computing in the Context of Internet of Things,” IEEE
Transactions on Cloud Computing, vol. 6, no. 1, pp. 46–59, 2018.
REFERENCES [23] D. Puthal, N. Malik, S. P. Mohanty, E. Kougianos, and C. Yang, “The
[1] R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, “Internet of blockchain as a decentralized security framework,” IEEE Consum.
things (IoT) security: Current status, challenges and prospective Electron. Mag., vol. 7, no. 2, pp. 18–21, 2018.
measures,” in 2015 10th International Conference for Internet [24] M. Nawir, A. Amir, N. Yaakob, and O. B. Lynn, “Internet of Things
Technology and Secured Transactions (ICITST), 2015, pp. 336–341. (IoT): Taxonomy of security attacks,” in Electronic Design (ICED),
[2] P. Corcoran, “The Internet of Things: why now, and what’s next?.”, 2016 3rd International Conference on, 2016, pp. 321–326.
IEEE Consumer Electronics Magazine, vol. 5, no.1, pp. 63-68, Jan. [25] C. Cervantes, D. Poplade, M. Nogueira, and A. Santos, “Detection of
2016. sinkhole attacks for supporting secure routing on 6LoWPAN for
[3] F. Folly, “Graph-theoretic approach for security of Internet of Internet of Things,” in 2015 IFIP/IEEE International Symposium on
Things,” in 2017 International Rural and Elderly Health Informatics Integrated Network Management (IM), Ottawa, ON, Canada, 2015,
Conference (IREHI), Lome, 2017, pp. 1–11. pp. 606–611.