This work is licensed under a Creative Commons Attribution 3.0 License.
For more information, see http://creativecommons.org/licenses/by/3.0/.
This article has been accepted for publication in
a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2924045,
IEEE Access
Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures
FIGURE 1: Present and Future Architecture of IoT.
TABLE 1: Comparison of Security of IT devices and IoT devices.
Widespread IT Security
IoT security
Widespread IT has devices which is resource rich
IoT devices need to be carefully provisioned with security
measures
Widespread IT is based on resource rich devices
IoT system are composed of devices having limitation in
terms of their software and hardware
For wide security and lower capabilities complex algorithm
are implemented
only lightweight algorithms are preferred
Homogeneous technology is responsible for high security
IoT with heterogeneous technology produce large amount
of heterogeneous data increasing the attack surface
normal information technology (IT) devices. Due to all these
issues and vulnerabilities, the IoT applications create a fertile
ground for different kinds of cyber threats. There have been
various security and privacy attacks on the already deployed
IoT applications worldwide. Mirai attack in the last quarter
of 2016 was estimated to infect around 2.5 million devices
connected to the Internet and launch distributed denial of
service (DDoS) attack [5]. After Mirai, Hajime and Reaper
are the other big botnet attacks launched against a large
number of IoT devices [5]. IoT devices, being low powered
and less secure, provide a gateway to the adversaries for
entering into home and corporate networks, thereby giving
easy access to the user’s data. Also, the domain of IoT is
expanding beyond mere things or objects. There have been
various successful attempts to implant IoT devices into the
human body to monitor the live condition of various organs
[6]. Attackers can target such devices to track the location of
a particular individual or falsify data. Such an attack has not
taken place yet in real life but can be highly dangerous, if
such devices are compromised.
Cyber Physical Systems (CPS) is another area benefitting
from the growth of IoT. In CPS physical objects in the
environment are monitored, and actions are taken based on
the physical changes. Since CPS encompass assets of crit-
ical importance (e.g., power grids, transportation systems),
security vulnerabilities in such systems have serious conse-
quences. However, security challenges for CPS have their
unique characteristics and are outside the scope of this paper.
In any IoT ecosystem or environment, there are four im-
portant layers. The first layer includes the use of various
sensors and actuators to perceive the data or information
to perform various functionalities. Based on that, in the
second layer, a communication network is used to transmit
the collected data. Most of the evolving IoT applications
deploy the third layer, called a middleware layer, to act as
a bridge between the network and application layer. Finally,
on the fourth layer, there are various IoT based end-to-end
applications like smart grids, smart transport, smart factories,
etc. All of these four layers have security problems specific
to them. Apart from these layers, various gateways connect
these layers and help in the data movement. There are certain
security threats specific to these gateways as well.
In this paper, a detailed survey of IoT security solutions in
the existing literature is presented. First of all, the fundamen-
tal constraints to achieve high levels for security in IoT ap-
plications are presented. The goal of this paper is to highlight
2
VOLUME x, 2019
This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2924045, IEEE Access
Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures
the major existing and upcoming solutions for IoT security.
Specifically, the four major classes of IoT security solutions
namely: (1) blockchain based solutions; (2) fog computing
based solutions; (3) machine learning based solutions and
(4) edge computing based solutions are highlighted. Table 3
gives a list of acronyms related to IoT used in this paper.
Chia sẻ với bạn bè của bạn: