Journal of Network Security

The Internet of Things (IoT) brings immense value while also presenting cybersecurity challenges due to its scale, distribution, and heterogeneity. This study conducts an in-depth analysis of IoT security issues, threats, vulnerabilities, and mitigation strategies through an extensive review of scholarly literature and real-world case studies. A multilayered security approach is proposed, encompassing device hardening, network monitoring, encryption, access controls, governance frameworks, and emerging technologies. The analysis underscores systemic IoT security gaps leading to major threats, including distributed denial of service, critical infrastructure manipulation, data breaches, and service disruption. It is argued that a holistic strategy involving device, network, data, identity, and governance controls is essential to safely harness IoT benefits. The study concludes by identifying key future research directions for enhancing IoT security mechanisms, cryptographic methods, AI-driven threat intelligence, blockchain applications, and global standards.

Nordrum A. (2016 Aug 18). Popular Internet of Things Forecast of 50 Billion Devices by 2020 Is Outdated. [Online]. IEEE Spectrum.

Sicari S, Rizzardi A, Grieco LA, Coen-Porisini A. Security, privacy and trust in Internet of Things: The road ahead. Comput Netw. 2015 Jan 15; 76: 146–64.

Antonakakis M, April T, Bailey M, Bernhard M, Bursztein E, Cochran J, Durumeric Z, Halderman JA, Invernizzi L, Kallitsis M, Kumar D. Understanding the mirai botnet. In 26th USENIX security symposium (USENIX Security 17). 2017; 1093–1110.

Greene T. (2018 May 30). VPNFilter malware infecting 500,000 devices is worse than we thought. [Online]. The Next Web.

Granjal J, Monteiro E, Silva JS. Security for the internet of things: a survey of existing protocols and open research issues. IEEE Commun Surv Tutor. 2015; 17(3): 1294–1312.

Neshenko N, Bou-Harb E, Crichigno J, Kaddoum G, Ghani N. Demystifying IoT security: An exhaustive survey on IoT vulnerabilities and a first empirical look on Internet-scale IoT exploitations. IEEE Commun Surv Tutor. 2019 Apr 11; 21(3): 2702–33.

Livshits B, Seifert C. (2015). Microsoft Security Intelligence Report. [Online]. Microsoft.

Palmieri P, Calderoni L, Maio D, Palmieri P. Security issues in control software for smart homes. Inf Econ. 2019; 23(3): 20–29.

Conti M, Dragoni N, Lesyk V. A survey of man in the middle attacks. IEEE Commun Surv Tutor. 2016; 18(3): 2027–2051.

Lv Z, Li Y. Wearable sensors for vital signs measurement: a survey. J Sens Actuator Netw. 2022 Mar 11;11(1):19. doi: 10.3390/jsan11010019.

Newman LH. (2017 Feb 27). Internet of Things Teddy Bear Leaked 2 Million Parent and Kids Message Recordings. [Online]. Wired.

Erickson D, Achleitner S, LaPoint T. Security and Privacy Implications of Smart Home IoT Devices. SAE Technical Papers. 2020.

Mosenia A, Sur-Kolay S. Wearable medical sensor data security using blockchain technology. IEEE EMBC. 2017; 2859–2862.

Sicari S, Rizzardi A, Miorandi D, Cappiello C, Coen-Porisini A. A secure and quality-aware prototypical architecture for the internet of things. Inf Syst. 2016; 58: 43–55.

Wolf C, Mohr B, Stolz R. (2004). Trusted computing - succeeding with trustworthy systems. [Online].

Ding W, Jing X, Yan Z, Yang LT. A survey on data fusion in internet of things: Towards secure and privacy-preserving fusion. Inf Fusion. 2020; 51: 129–144.

Chen G, He Q, Shu H, Li X, Mukherjee A. Privacy-preserving edge-assisted crowdsensing through multiple edge servers collaboration. IEEE Internet Things J. 2020; 8(3): 1660–1674.

Reyna A, Martín C, Chen J, Soler E, Díaz M. On blockchain and its integration with IoT. Challenges and opportunities. Future Gener Comput Syst. 2018; 88: 173–190.

Cebula JJ, Young LR. A taxonomy of operational cyber security risks. In Software Engineering Research and Practice. 2010 Jul; 193–199.

Paladi N, Michalas A, Gehrmann C. Domain based configuration of internet of things security, privacy and dependability. Proceedings of the 15th EAI International Conference on Security and Privacy in Communication Networks. 2018; 1–8.

US Government Accountability Office. (2019). Data Protection: Experts' Views on Effects of Recent Federal Trade Commission Enforcement Actions (GAO-19-693). [Online].

Sicari S, Rizzardi A, Miorandi D, Cappiello C, Coen-Porisini A. A secure and quality-aware prototypical architecture for the internet of things. Inf Syst. 2016; 58: 43–55.

Mineraud J, Mazhelis O, Su X, Tarkoma S. A gap analysis of Internet-of-Things platforms. Comput Commun. 2016; 89: 5–16.

Conti M, Dragoni N, Lesyk V. A survey of man in the middle attacks. IEEE Commun Surv Tutor. 2016; 18(3): 2027–2051.

Dash E. (2019 Oct 1). Cybersecurity flaws affect millions of medical devices, including FDA-approved implants. [Online]. MedCity News.

Rawat DB, Reddy SR. Software defined networking architecture, security and energy efficiency: A survey. IEEE Commun Surv Tutor. 2017; 19(1): 325–346.

Liu Y, Xu C, Cheung A, Lu J. Where Usability and Security Go Hand-in-Hand: Robust Gesture-Based Authentication for Mobile Systems. Proc CHI Conference on Human Factors in Computing Systems. 2018; 1–13.

Hunt T. (2018 Jan 14). CloudPets stuffed toys leak details of half a million kids and parents. [Online]. Troy Hunt Blog.

Ho G, Leung D, Mishra P, Hosseini A, Song D, Wagner D. Smart locks: Lessons for securing commodity internet of things devices. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. 2016; 461–472.

Kubit J. (2018 Dec 11). Baby Monitor Hacks Remain Unfixed Five Years Later. [Online]. Forbes.

Woods M, Natale S. IoT Security: Prioritizing Privacy, Trustworthiness, and User Control in Complex Cyber-Physical Systems. IEEE Secur Priv. 2019; 17(2): 17–26.

Zarpelão BB, Miani RS, Kawakani CT, de Alvarenga SC. A survey of intrusion detection in Internet of Things. J Netw Comput Appl. 2017; 84: 25–37.

Chen Y, Qin Z, Sharif H, Maharjan S, Zhang Y. Secure Artificial Intelligence of Things for Fog-Enabled 5G Networks. IEEE Internet Things J. 2021; 8(10): 8078–8092.

Brandom R. (2018 Apr 4). Amazon S3 bucket leaks shed light on widespread cloud security failures. [Online]. The Verge.

Qiu T, Liu W, Wu J, Wang L, Ban L. A Review. In 2018 IEEE Smart World, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation. 2018.

Ferrag MA, Maglaras L, Janicke H, Jiang J, Shu L. Authentication protocols for Internet of Things: A comprehensive survey. Secur Commun Netw. 2017; 2017: 6562953.

Patil VC, Patil SC, Nair S, Nadaf MAR, Lokhande SD, Naik RH. A survey of privacy and security challenges in Internet of Things. ACM Trans Embed Comput Syst (TECS). 2021; 20(4): 1–34.

Murphy M. (2019 Oct 3). Massive medical data breach impacts 1 million patients. [Online]. Healthcare IT News.

Harwell D. (2021 Feb 9). A hacker tried to poison a Florida city's water supply. Officials see an 'insider' threat. [Online]. Washington Post.

Knowles W, Prince D, Hutchison D, Disso JF, Jones K. A survey of cyber security management in industrial control systems. Int J Crit Infrastruct Prot. 2015; 9: 52–80.

Mineraud J, Mazhelis O, Su X, Tarkoma S. A gap analysis of Internet-of-Things platforms. Comput Commun. 2016; 89–90: 5–16.

Chen M, Ma Y, Song J, Lai CF, Hu B. Smart clothing: Connecting human with clouds and big data for sustainable health monitoring. Mob Netw Appl. 2016; 21(5): 825–845.

Tung L. (2018 Jul 20). SingHealth data breach reveals several 'inadequate' security measures. [Online]. ZDNet.

Khan WZ, Aalsalem MY, Saad N, Arshad M. A quantum-safe privacy-preserving data aggregation scheme for 5G IoT enabled WBAN. IEEE Access. 2018; 6: 76980–76990.

OWASP Internet of Things Project. (2020). Top 10 IoT Vulnerabilities. [Online]. OWASP.

Saleem J, Hammoudeh M, Raza U, Adebisi B, Ande R. IoT standardisation: Challenges, perspectives and solution. In Proceedings of the 2nd international conference on future networks and distributed systems. 2018 Jun 26; 1–9.

Greenberg A. (2018 Aug 22). The Untold Story of NotPetya, the Code that Crashed the World. [Online]. Wired.

Antonakakis M, April T, Bailey M, McCoy D, et al. Understanding the mirai botnet. In 26th {USENIX} Security Symposium ({USENIX} Security 17). 2017; 1093–1110.

Weber V. The World Wide Web of Chinese and Russian information controls. Working Paper Series – No. 11. Center for Technology and Global Affairs. Department of Politics and International Relations, University of Oxford, Oxford, United Kingdom; September 2019. pp. 1-37. https://ctga.web.ox.ac.uk/files/theworldwidewebofchineseandrussianinformationcontrolspdf.