A Survey on Security and Privacy Issues in Internet-of-Things

IEEE Internet of Things Journal

Volumn 4, Issue 5, 2017, Pages 1250-1258

  Yang, Yuchen ^a   Wu, Longfei ^b   Yin, Guisheng ^a   Li, Lijie ^a   Zhao, Hongbin ^a  

^a HARBIN ENGINEERING UNIVERSITY   (China)

^b Temple University   (United States)

Author keywords

Internet of Things (IoT); privacy; security; survey

Indexed keywords

ACCESS CONTROL; COMPUTER PRIVACY; DATA PRIVACY; SURVEYING; SURVEYS;

DAILY LIVES; DIFFERENT LAYERS; INTERNET OF THINGS (IOT); PRIVACY AND SECURITY; SECURITY; SECURITY AND PRIVACY ISSUES; SECURITY ISSUES;

INTERNET OF THINGS;

EID: 85030314760     PISSN: None     EISSN: 23274662     Source Type: Journal    
DOI: 10.1109/JIOT.2017.2694844     Document Type: Article

References (74)

1. IoT Analytics. (2014). Why the Internet of Things Is Called Internet of Things: Definition, History, Disambiguation. [Online]. Available: https://iot-analytics.com/Internet-of-things-definition/
2. I. Saif, S. Peasley, and A. Perinkolam. (2015). Safeguarding the Internet of Things: Being Secure, Vigilant, and Resilient in the Connected Age. [Online]. Available: https://dupress.deloitte.com/ dup-us-en/deloitte-review/issue-17/Internet-of-things-data-security-andprivacy. html
3. M. Rouse. (2013). IoT Security (Internet of Things Security). [Online]. Available: http://internetofthingsagenda.techtarget.com/ definition/IoT-security-Internet-of-Things-security
4. B. Lam and C. Larose. (2016). How Did the Internet of Things Allow the Latest Attack on the Internet? [Online]. Available: https://www.privacyandsecuritymatters.com/2016/10/howdid-the-Internet-of-things-allow-the-latest-attack-on-the-Internet/
5. Talkin Cloud. (2016). IoT Past and Present: The History of IoT, and Where It's Headed Today. [Online]. Available: http://talkincloud.com/cloud-computing/iot-past-and-present-historyiot-and-where-its-headed-today?page=2
6. J. Granjal, E. Monteiro, and J. S. Silva, "A secure interconnection model for IPv6 enabled wireless sensor networks," in Proc. IFIP Wireless Days, Venice, Italy, Oct. 2010, pp. 1-6.
7. S. Sicari, A. Rizzardi, L. Grieco, and A. Coen-Porisini, "Security, privacy and trust in Internet of Things: The road ahead," Comput. Netw., vol. 76, pp. 146-164, Jan. 2015.
8. R. Roman, J. Zhou, and J. Lopez, "On the features and challenges of security and privacy in distributed Internet of Things," Comput. Netw., vol. 57, no. 10, pp. 2266-2279, 2013.
9. W. Trappe, R. Howard, and R. S. Moore, "Low-energy security: Limits and opportunities in the Internet of Things," IEEE Security Privacy, vol. 13, no. 1, pp. 14-21, Jan./Feb. 2015.
10. H. Shafagh, A. Hithnawi, A. Droescher, S. Duquennoy, and W. Hu, "Poster: Towards encrypted query processing for the Internet of Things," in Proc. 21st Annu. Int. Conf. Mobile Comput. Netw. (MobiCom), Paris, France, 2015, pp. 251-253.
11. R. Kotamsetty and M. Govindarasu, "Adaptive latency-aware query processing on encrypted data for the Internet of Things," in Proc. 25th Int. Conf. Comput. Commun. Netw. (ICCCN), Aug. 2016, pp. 1-7.
12. S. A. Salami, J. Baek, K. Salah, and E. Damiani, "Lightweight encryption for smart home," in Proc. 11th Int. Conf. Availability Reliability Security (ARES), Salzburg, Austria, Aug. 2016, pp. 382-388.
13. I. Andrea, C. Chrysostomou, and G. Hadjichristofi, "Internet of Things: Security vulnerabilities and challenges," in Proc. IEEE Symp. Comput. Commun. (ISCC), Larnaca, Cyprus, Jul. 2015, pp. 180-187.
14. E. Ronen and A. Shamir, "Extended functionality attacks on IoT devices: The case of smart lights," in Proc. IEEE Eur. Symp. Security Privacy (EuroS P), Saarbrücken, Germany, Mar. 2016, pp. 3-12.
15. O. Salman, S. Abdallah, I. H. Elhajj, A. Chehab, and A. Kayssi, "Identity-based authentication scheme for the Internet of Things," in Proc. IEEE Symp. Comput. Commun. (ISCC), Messina, Italy, Jun. 2016, pp. 1109-1111.
16. P. Porambage, C. Schmitt, P. Kumar, A. Gurtov, and M. Ylianttila, "Pauthkey: A pervasive authentication protocol and key establishment scheme for wireless sensor networks in distributed IoT applications," in Int. J. Distrib. Sensor Netw., vol. 10, Jul. 2014, Art. no. 357430.
17. G. Ho et al., "Smart locks: Lessons for securing commodity Internet of Things devices," in Proc. 11th ACM Asia Conf. Comput. Commun. Security (ASIA CCS), Xi'an, China, 2016, pp. 461-472.
18. Y. Sharaf-Dabbagh and W. Saad, "On the authentication of devices in the Internet of Things," in Proc. IEEE 17th Int. Symp. World Wireless Mobile Multimedia Netw. (WoWMoM), Coimbra, Portugal, Jun. 2016, pp. 1-3.
19. C. Zhang and R. Green, "Communication security in Internet of Thing: Preventive measure and avoid DDoS attack over IoT network," in Proc. 18th Symp. Commun. Netw. (CNS), San Diego, CA, USA, 2015, pp. 8-15.
20. I. Bouij-Pasquier, A. A. Ouahman, A. A. E. Kalam, and M. O. de Montfort, "Smartorbac security and privacy in the Internet of Things," in Proc. IEEE/ACS 12th Int. Conf. Comput. Syst. Appl. (AICCSA), Marrakesh, Morocco, Nov. 2015, pp. 1-8.
21. G. L. dos Santos, V. T. Guimaraes, G. da Cunha Rodrigues, L. Z. Granville, and L. M. R. Tarouco, "A DTLS-based security architecture for the Internet of Things," in Proc. IEEE Symp. Comput. Commun. (ISCC), Larnaca, Cyprus, Jul. 2015, pp. 809-815.
22. S. Jebri, M. Abid, and A. Bouallegue, "An efficient scheme for anonymous communication in IoT," in Proc. 11th Int. Conf. Inf. Assurance Security (IAS), Marrakesh, Morocco, Dec. 2015, pp. 7-12.
23. K. Yoshigoe, W. Dai, M. Abramson, and A. Jacobs, "Overcoming invasion of privacy in smart home environment with synthetic packet injection," in Proc. TRON Symp. (TRONSHOW), Tokyo, Japan, Dec. 2015, pp. 1-7.
24. L. Seitz, G. Selander, and C. Gehrmann, "Authorization framework for the Internet-of-Things," in Proc. IEEE 14th Int. Symp. World Wireless Mobile Multimedia Netw. (WoWMoM), Madrid, Spain, Jun. 2013, pp. 1-6.
25. M. Vucinic et al., "OSCAR: Object security architecture for the Internet of Things," in Proc. IEEE Int. Symp. World Wireless Mobile Multimedia Netw., Jun. 2014, pp. 1-10.
26. S. Cirani, M. Picone, P. Gonizzi, L. Veltri, and G. Ferrari, "IoT-OAS: An OAuth-based authorization service architecture for secure services in IoT scenarios," IEEE Sensors J., vol. 15, no. 2, pp. 1224-1234, Feb. 2015.
27. Q. Jing, A. V. Vasilakos, J. Wan, J. Lu, and D. Qiu, "Security of the Internet of Things: Perspectives and challenges," Wireless Netw., vol. 20, no. 8, pp. 2481-2501, 2014.
28. J. Chen, S. Kher, and A. Somani, "Distributed fault detection of wireless sensor networks," in Proc. Workshop Dependability Issues Wireless Ad Hoc Netw. Sensor Netw. (DIWANS), 2006, pp. 65-72.
29. A. P. R. da Silva et al., "Decentralized intrusion detection in wireless sensor networks," in Proc. 1st ACM Int. Workshop Qual. Service Amp Security Wireless Mobile Netw. (Q2SWinet), Montreal, QC, Canada, 2005, pp. 16-23.
30. Y. Wang, X. Wang, B. Xie, D. Wang, and D. P. Agrawal, "Intrusion detection in homogeneous and heterogeneous wireless sensor networks," IEEE Trans. Mobile Comput., vol. 7, no. 6, pp. 698-711, Jun. 2008.
31. G. Gaubatz, J.-P. Kaps, E. Ozturk, and B. Sunar, "State of the art in ultra-low power public key cryptography for wireless sensor networks," in Proc. 3rd IEEE Int. Conf. Pervasive Comput. Commun. Workshops, Mar. 2005, pp. 146-150.
32. S. C.-H. Huang and D.-Z. Du, "New constructions on broadcast encryption key pre-distribution schemes," in Proc. IEEE 24th Annu. Joint Conf. Comput. Commun. Soc., vol. 1. Miami, FL, USA, Mar. 2005, pp. 515-523.
33. H. Chan, A. Perrig, and D. Song, "Random key predistribution schemes for sensor networks," in Proc. Symp. Security Privacy, Berkeley, CA, USA, May 2003, pp. 197-213.
34. F. M. Al-Turjman, A. E. Al-Fagih, W. M. Alsalih, and H. S. Hassanein, "A delay-tolerant framework for integrated RSNs in IoT," Comput. Commun., vol. 36, no. 9, pp. 998-1010, 2013.
35. H. Liu, M. Bolic, A. Nayak, and I. Stojmenovic, "Taxonomy and challenges of the integration of RFID and wireless sensor networks," IEEE Netw., vol. 22, no. 6, pp. 26-35, Nov./Dec. 2008.
36. H. Chan and A. Perrig, "PIKE: Peer intermediaries for key establishment in sensor networks," in Proc. IEEE 24th Annu. Joint Conf. Comput. Commun. Soc., vol. 1. Miami, FL, USA, Mar. 2005, pp. 524-535.
37. L. Eschenauer and V. D. Gligor, "A key-management scheme for distributed sensor networks," in Proc. 9th ACM Conf. Comput. Commun. Security (CCS), Washington, DC, USA, 2002, pp. 41-47.
38. H. Corrigan-Gibbs and B. Ford, "Dissent: Accountable anonymous group messaging," in Proc. ACM CCS, Chicago, IL, USA, 2010, pp. 340-350.
39. D. I. Wolinsky, H. Corrigan-Gibbs, B. Ford, and A. Johnson, "Dissent in numbers: Making strong anonymity scale," in Proc. USENIX OSDI, 2012, pp. 179-192.
40. H. Corrigan-Gibbs, D. I. Wolinsky, and B. Ford, "Proactively accountable anonymous messaging in verdict," in Proc. USENIX Security, Washington, DC, USA, 2013, pp. 147-162.
41. H. Corrigan-Gibbs, D. Boneh, and D. Mazières, "Riposte: An anonymous messaging system handling millions of users," in Proc. IEEE S P, San Jose, CA, USA, 2015, pp. 321-338.
42. X. Zhao, L. Li, G. Xue, and G. Silva, "Efficient anonymous message submission," in Proc. IEEE INFOCOM, Orlando, FL, USA, Mar. 2012, pp. 2228-2236.
43. Y. Yao, L. T. Yang, and N. N. Xiong, "Anonymity-based privacypreserving data reporting for participatory sensing," IEEE Internet Things J., vol. 2, no. 5, pp. 381-390, Oct. 2015.
44. D. Halperin et al., "Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses," in Proc. IEEE S&P, Oakland, CA, USA, 2008, pp. 129-142.
45. C. Li, A. Raghunathan, and N. K. Jha, "Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system," in Proc. IEEE HealthCom, Columbia, MO, USA, 2011, pp. 150-156.
46. J. Radcliffe, "Hacking medical devices for fun and insulin: Breaking the human SCADA system," in Proc. Black Hat USA, 2011, pp. 1-12.
47. E. Marin, D. Singelée, B. Yang, I. Verbauwhede, and B. Preneel, "On the feasibility of cryptography for a wireless insulin pump system," in Proc. 6th ACM Conf. Data Appl. Security Privacy (CODASPY), New Orleans, LA, USA, 2016, pp. 113-120.
48. B. Jack. (2015). Implantable Medical Devices: Hacking Humans. [Online]. Available: https://en.wikipedia.org/wiki/BarnabyJack#cite note-medcity-11
49. D. Goldman. (2013). A Hacker Can Give You a Fatal Overdose. [Online]. Available: http://money.cnn.com/2015/06/ 10/technology/drug-pump-hack/
50. Two Safety Communications on the Cybersecurity Vulnerabilities of Two Hospira Infusion Pump Systems, FDA, Silver Spring, MD, USA, 2015. [Online]. Available: http://www.fda.gov/ MedicalDevices/Safety/AlertsandNotices/default.htm
51. K. B. Rasmussen, C. Castelluccia, T. S. Heydt-Benjamin, and S. Capkun, "Proximity-based access control for implantable medical devices," in Proc. ACM CCS, Chicago, IL, USA, 2009, pp. 410-419.
52. X. Hei and X. Du, "Biometric-based two-level secure access control for implantable medical devices during emergencies," in Proc. IEEE INFOCOM, Shanghai, China, 2011, pp. 346-350.
53. F. Xu, Z. Qin, C. C. Tan, B. Wang, and Q. Li, "Imdguard: Securing implantable medical devices with the external wearable guardian," in Proc. IEEE INFOCOM, Shanghai, China, 2011, pp. 1862-1870.
54. M. Rostami, A. Juels, and F. Koushanfar, "Heart-to-heart (H2H): Authentication for implanted medical devices," in Proc. ACM CCS, Berlin, Germany, 2013, pp. 1099-1112.
55. X. Hei, X. Du, S. Lin, and I. Lee, "PIPAC: Patient infusion pattern based access control scheme for wireless insulin pump system," in Proc. IEEE INFOCOM, Turin, Italy, 2013, pp. 3030-3038.
56. X. Hei, X. Du, and S. Lin, "Poster: Near field communication based access control for wireless medical devices," in Proc. ACM MobiHoc, Philadelphia, PA, USA, 2014, pp. 423-424.
57. G. Zheng, G. Fang, M. A. Orgun, and R. Shankaran, "A non-key based security scheme supporting emergency treatment of wireless implants," in Proc. IEEE ICC, Sydney, NSW, Australia, 2014, pp. 647-652.
58. X. Hei, X. Du, J. Wu, and F. Hu, "Defending resource depletion attacks on implantable medical devices," in Proc. IEEE GLOBECOM, Miami, FL, USA, 2010, pp. 1-5.
59. J. Liu, M. A. Ameen, and K. S. Kwak, "Secure wake-up scheme for WBANs," IEICE Trans. Commun., vol. 93-B, no. 4, pp. 854-857, Apr. 2010.
60. S. Raza et al., "Securing communication in 6LoWPAN with compressed IPsec," in Proc. Int. Conf. Distrib. Comput. Sensor Syst. Workshops (DCOSS), Barcelona, Spain, Jun. 2011, pp. 1-8.
61. S. Raza, S. Duquennoy, J. Hoglund, U. Roedig, and T. Voigt, "Secure communication for the Internet of Things-A comparison of link-layer security and IPsec for 6LoWPAN," Security Commun. Netw., vol. 7, no. 12, pp. 2654-2668, 2014.
62. A. J. Jara, D. Fernandez, P. Lopez, M. A. Zamora, and A. F. Skarmeta, "Lightweight MIPv6 with IPsec support," Mobile Inf. Syst., vol. 10, no. 1, pp. 37-77, 2014.
63. T. Kothmayr, C. Schmitt, W. Hu, M. Brünig, and G. Carle, "DTLS based security and two-way authentication for the Internet of Things," Ad Hoc Netw., vol. 11, no. 8, pp. 2710-2723, Nov. 2013.
64. S. Raza, D. Trabalza, and T. Voigt, "6LoWPAN compressed DTLS for CoAP," in Proc. IEEE 8th Int. Conf. Distrib. Comput. Sensor Syst., Hangzhou, China, May 2012, pp. 287-289.
65. S. Raza, H. Shafagh, K. Hewage, R. Hummen, and T. Voigt, "Lithe: Lightweight secure CoAP for the Internet of Things," IEEE Sensors J., vol. 13, no. 10, pp. 3711-3720, Oct. 2013.
66. M. Brachmann, S. L. Keoh, O. G. Morchon, and S. S. Kumar, "End-to-end transport security in the IP-based Internet of Things," in Proc. 21st Int. Conf. Comput. Commun. Netw. (ICCCN), Munich, Germany, Jul. 2012, pp. 1-5.
67. R. Hummen, J. H. Ziegeldorf, H. Shafagh, S. Raza, and K. Wehrle, "Towards viable certificate-based authentication for the Internet of Things," in Proc. 2nd ACM Workshop Hot Topics Wireless Netw. Security Privacy (HotWiSec), Budapest, Hungary, 2013, pp. 37-42.
68. Wikipedia. (2016). Mirai. [Online]. Available: https://en.wikipedia.org/wiki/Mirai(malware)
69. S. Khandelwal. (2016). New IoT Botnet Malware Discovered; Infecting More Devices Worldwide. [Online]. Available: http://thehackernews.com/2016/10/linux-irc-iot-botnet.html
70. Z. A. Baig, M. Baqer, and A. I. Khan, "A pattern recognition scheme for distributed denial of service (DDoS) attacks in wireless sensor networks," in Proc. 18th Int. Conf. Pattern Recognit. (ICPR), vol. 3. Hong Kong, 2006, pp. 1050-1054.
71. X. Du, M. Guizani, Y. Xiao, and H.-H. Chen, "Defending DoS attacks on broadcast authentication in wireless sensor networks," in Proc. IEEE Int. Conf. Commun., Beijing, China, May 2008, pp. 1653-1657.
72. K. Gill and S.-H. Yang, "A scheme for preventing denial of service attacks on wireless sensor networks," in Proc. 35th Annu. Conf. IEEE Ind. Electron., Porto, Portugal, Nov. 2009, pp. 2603-2609.
73. R. Nanda and P. V. Krishna, "Mitigating denial of service attacks in hierarchical wireless sensor networks," Netw. Security, vol. 2011, no. 10, pp. 14-18, 2011.
74. K. Sonar and H. Upadhyay, An Approach to Secure Internet of Things Against DDoS. Ahmedabad, India: Springer, 2016, pp. 367-376.