A Comprehensive and Systematic Survey on the Internet of Things: Security and Privacy Challenges, Security Frameworks, Enabling Technologies, Threats, Vulnerabilities and Countermeasures

Obaidat, Muath; Obeidat, Suhaib; Holst, Jennifer; Hayajneh, Abdullah Al; Brown, Joseph

doi:10.3390/computers9020044

Cited by 58 publications

(35 citation statements)

References 179 publications

(511 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mendez Mena et al [28] focused on IoT architectures but did not consider applications. Obaidat et al [32] aimed to comprehensively cover IoT security but omitted related applications. In contrast, Hassija et al [29] did not cover IoT as a whole, focusing only on applications.…”

Section: Comparison With Related Reviewsmentioning

confidence: 99%

Current Research Trends in IoT Security: A Systematic Mapping Study

Lee

2021

Mobile Information Systems

View full text Add to dashboard Cite

The smart mobile Internet-of-things (IoT) network lays the foundation of the fourth industrial revolution, the era of hyperconnectivity, hyperintelligence, and hyperconvergence. As this revolution gains momentum, the security of smart mobile IoT networks becomes an essential research topic. This study aimed to provide comprehensive insights on IoT security. To this end, we conducted a systematic mapping study of the literature to identify evolving trends in IoT security and determine research subjects. We reviewed the literature from January 2009 to August 2020 to identify influential researchers and trends of keywords. We additionally performed structural topic modeling to identify current research topics and the most promising ones via topic trend estimation. We synthesized and interpreted the results of the systematic mapping study to devise future research directions. The results obtained from this study are useful to understand current trends in IoT security and provide insights into research and development of IoT security.

show abstract

Section: Comparison With Related Reviewsmentioning

confidence: 99%

Current Research Trends in IoT Security: A Systematic Mapping Study

Lee

2021

Mobile Information Systems

View full text Add to dashboard Cite

show abstract

“…Due to security reasons, a new layer was introduced to IoT architecture and this layer is the Middleware layer. Figure 5 shows the four-layer architecture with characteristics [17], [34,35].…”

Section: Over Of Iot Scope and Iot Architecturementioning

confidence: 99%

“…Attackers can use sensors to inject malicious code and activate it to capture sensitive data exchanged between different IoT devices. If sensors are located in open locations so that attackers can do side-channel attacks which are based on electromagnetic field monetization, power consumption monetization or timing monetization to attack different encryption mechanisms or they can inject noise to the signals [22] [35]. An attacker can also data manipulate at sensors, can do boot attacks, can capture a Node [18].…”

Section: Sensing Layer Threatsmentioning

confidence: 99%

“…However, the quick energy consumption due to the jamming of signals disables the communication between devices and nodes. Ultimately, the signal jamming resulting in the DoS of the nodes prevents communication for the IoT nodes or whole network [13,35,[40][41][42][43]. Information security and privacy in IoT fields demand IoT consideration and concerns.…”

Section: Application Layer Threatsmentioning

confidence: 99%

See 1 more Smart Citation

IoT-based Application of Information Security Triad

Reshan

2021

Int. J. Interact. Mob. Technol.

View full text Add to dashboard Cite

Information Security is the foremost concern for IoT (Internet of things) devices and applications. Since the advent of IoT, its applications and devices have experienced an exponential increase in numerous applications which are utilized. Nowadays we people are becoming smart because we started using smart devices like a smartwatch, smart TV, smart home appliances. These devices are part of the IoT devices. The IoT device differs widely in capacity storage, size, computational power, and supply of energy. With the rapid increase of IoT devices in different IoT fields, information security, and privacy are not addressed well. Most IoT devices having constraints in computational and operational capabilities are a threat to security and privacy, also prone to cyber-attacks. This study presents a CIA triad-based information security implementation for the four-layer architecture of the IoT devices. An overview of layer-wise threats to the IoT devices and finally suggest CIA triad-based security techniques for securing the IoT devices.

show abstract

“…Insecure authentication, insufficient cryptography, and insecure authorization are among the most common issues found with many of these applications [ 2 ]. Moreover, with the explosive proliferation of the Internet of Things (IoT) devices in our daily lives, this has created an Internet of Vulnerabilities (IoV) [ 3 , 4 , 5 ]. Some studies have proposed outsourcing an authentication mechanism that requires IoT RFID-based devices to use a server on the edge of the network to complete the verification and the authentication process [ 5 ], which provides an increasingly secure communications by measuring four different security factors.…”

Section: Introductionmentioning

confidence: 99%

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

Obaidat

Brown

Obeidat

et al. 2020

Sensors

Self Cite

View full text Add to dashboard Cite

A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client–server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username/password authentication systems. These have remained standard within client–server authentication paradigms, despite insecurities stemming from poor user and server operator practices, and vulnerabilities to interception and masquerades. Besides these vulnerabilities, systems which revolve around secure authentication typically present exploits of two categories; either pitfalls which allow MiTM or replay attacks due to transmitting data for authentication constantly, or the storage of sensitive information leading to highly specific methods of data storage or facilitation, increasing chances of human error. This paper proposes a more secure method of authentication that retains the current structure of accepted paradigms, but minimizes vulnerabilities which result from the process, and does not inflate responsibilities for users or server operators. The proposed scheme uses a hybrid, layered encryption technique alongside a two-part verification process, and provides dynamic protection against interception-based cyber-attacks such as replay or MiTM attacks, without creating additional vulnerabilities for other attacks such as bruteforcing. Results show the proposed mechanism outperforms not only standardized methods, but also other schemes in terms of deployability, exploit resilience, and speed.

show abstract

A Comprehensive and Systematic Survey on the Internet of Things: Security and Privacy Challenges, Security Frameworks, Enabling Technologies, Threats, Vulnerabilities and Countermeasures

Cited by 58 publications

References 179 publications

Current Research Trends in IoT Security: A Systematic Mapping Study

Current Research Trends in IoT Security: A Systematic Mapping Study

IoT-based Application of Information Security Triad

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

Contact Info

Product

Resources

About