The current vision of the Internet of Things (IoT) is to ensure that everything from everywhere is connected to the Internet at all times using Internet Protocol (IP). This idea has the potential of making homes, cities, electric grids, among others, safer, more efficient, and easier to manage. Nevertheless, a number of obstacles still remain to fully realize the IoT vision, with security and privacy among the most critical. Ensuring security and privacy in the IoT is particularly complicated, especially for the resource‐constrained devices due to finite energy supply and low computing power. These factors are typically at odds with most of the existing security protocols and schemes proposed for the IoT because of the intensive computational nature of the cryptographic algorithms involved. This paper performs an extensive comparison of previous surveys on the subject, and shows its novelty with respect to the previous work. It describes 9 application domains and presents, in detail, security requirements, system models, threat models along with protocols and technologies for those 9 application areas. The survey also performs an exhaustive examination of some existing mechanisms and approaches proposed in the literature for ensuring security and privacy of IoT devices. Finally, it outlines some open research issues associated with IoT security.
The past couple of years have marked continued growth in the applications and services of the Internet of Things (IoT). This has attracted the attention of new operators as well as institutional, corporate, and private investors in every sector of the economy, and as a result, new businesses are springing up rapidly. These include many start-up companies that are producing various kinds of useful IoT devices and Smart Applications (smart apps). While this can be seen as a boost for innovation in the IoT, some of these companies produce IoT devices and smart apps with security vulnerabilities. In this paper, we propose the IoT Hardware Platform Security Advisor (IoT-HarPSecA), a security framework intended to provide support to such IoT producers. IoT-HarPSecA offers three functionality features, namely security requirement elicitation, security best practice guidelines for secure development, and above all, a feature that recommends specific LightWeight Cryptographic Algorithms (LWCAs) for both software and hardware implementations. Accordingly, IoT-HarPSecA is composed of three main components, namely Security Requirements Elicitation (SRE) component, Security Best Practice Guidelines (SBPG) component, and LightWeight Cryptographic Algorithms Recommendation (LWCAR) component, each of them servicing one of the aforementioned features. We implement a command-line tool in C++ to serve as an interface between users and the proposed framework. IoT-HarPSecA can be employed during the early stages of IoT systems design, and it can also be used to facilitate the implementation of security in existing IoT systems. This paper presents a detailed description, design, and implementation of the SRE, SBPG, and LWCAR components of the proposed framework. Using real-world practical scenarios, we show how IoT-HarPSecA can be used to elicit security requirements and recommend appropriate LWCAs based on user inputs. While a full performance evaluation of the SRE and SBPG components is beyond the scope of this paper, we present a detailed performance evaluation of the LWCAR component, which shows that IoT-HarPSecA can serve as a roadmap for secure IoT development.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.