978-1-5386-8125-1/19/$31.00 ©2019 IEEE

Security Issues and Challenges in IoT


Dr. Kahkashan Tabassum
Dept. of Computer Sciences, CCIS,
Princess Nourah Bint Abdulrahman
University, Riyadh, KSA.
ktosman@pnu.edu.sa
0000-0001-7150-9830
Dr Ahmed Ibrahim
Dept. of Computer Sciences, CCIS,
Princess Nourah Bint Abdulrahman
University, Riyadh, KSA.
azibrahim@pnu.edu.sa
Dr Sahar A. El_Rahman
Faculty of Engineering, Shoubra Benha
University, Cairo, Egypt
Princess Nourah Bint Abdulrahman
University, Riyadh, KSA.
sahr_ar@yahoo.com
Abstract—The Internet of Things (IoT) supports a wide range of
applications including smart cities, traffic congestion, waste
management, structural health, security, emergency services,
logistics, retail, industrial control, and health care. IoT is a
mega-technology that can establish a connection with anything and
anyone, at any time and place, with any service, on any platform
and any network. It has a great impact on the whole block chain of
businesses, smart objects and devices, systems and services that
are enabled by heterogeneous network connectivity and is developed
as a smart pervasive framework of smart devices. IoT devices are in
use in many fields; they connect to complex devices, interface with
hostile environments and are deployed on various uncontrolled
platforms, and therefore face many security issues and challenges.
Since the IoT offers a potential platform for integrating any type
of network and complex system it could encounter vulnerabilities
inherent to the individual systems which are available within the
integrated network. This research paper is a study of the security
issues of the individual systems responsible for IoT
interconnection and their impact towards the integrated IoT
system.
Keywords— Big Data Analytics, Network security, Device security,
Internet of Things.
I. INTRODUCTION
IoT devices are currently used in almost every area, be it
industrial, educational, medical or business. IoT connects
complex devices together and can interface with a
heterogeneous set of environments deployed on various
platforms. Since the IoT provides integration of many types of
networks and complex systems, it is exposed to security
challenges and issues that are already a part of the individual
systems involved in its framework or available within its
integrated network. This paper targets the real challenges for
the clients from both the hardware (embedded server) and
software perspectives. Most connected devices that seem to be
functional are at risk because they may be compromised by
hackers, and the whole business may suffer as a result. These
issues show how critical privacy and security are to a system.
The solution to these issues could be providing the customer
with personalized devices that offer the system a high level of
security through setting personalized IDs and using MAC address
security, public/private keys, digital signatures and
certificates within the system.
Unfortunately, there is no added cost for the system that
chooses to offer security but instead the cost exists only for the
system. IoT is the only technology in today's world which is
considered to have fantastic prospects for filling the gaps
or barriers which existed within various technologies until
recently.
II. BACKGROUND AND RELATED WORK
This section discusses the security issues and challenges
in IoT in various fields, and the survey is organized as
follows. The first part of this section discusses general IoT
security [1], followed by a survey [2] that gives deeper
insight into IoT data transfer in the form of Big Data. The
next part is organized from [3][4][5] and describes the
challenges faced by IoT and Big Data security; the final part
presents the secure applications of IoT business analytics and
health informatics. The survey in paper [6] covers IoT business
collaboration, safety, and confidentiality; the researchers in
[7] discuss IoT business collaboration from a financial
perspective and highlight its benefits. In [8] the researchers
illustrate a real-life example from a specific industry and how
the IoT steps can be applied to a real-life scenario to secure
it. In the modern age, it is of the utmost importance for any
business to incorporate some features for optimal operation. One
of these is security, which links back to the huge size of data
that is being exchanged between devices. Current technology is
striving to advance towards deep learning analysis of the
security architecture and features of IoT. The research status
of key technologies, including encryption mechanisms, security
layers and cryptographic algorithms, is reviewed and discussed
in these survey papers. All that was
discussed in [1] has an effect on business in the modern age.
[2] explores the potential impact of large data challenges,
research efforts directed towards the analysis of IoT data, and
various tools associated with its analysis. It discusses some
problems and challenges presented by big data, one of which
being the acquisition of knowledge from IoT data. The authors
discussed the relationship between Business Data
Analytics (BDA) and IoT, examined various research topics,
various opportunities generated by data analysis in the IoT
paradigm, challenges and tools used for BDA, and they
discussed the information security dimension of BDA. In the
article, numerous types of analysis techniques were used. The
authors suggested the use of platforms to explore big data in
numerous stages because Big Data platform has its own
individual approach. All types of devices communicate
together in numerous ways. They have to transfer enormous
amounts of data between each other. This article [3] has to do
with Big Data delivery over the IoT. The purpose of this
article is to develop suitable algorithms for efficient
transmission of big data. The authors represented an
architecture system that will be an entire automated system of
sensor and body area networks that will be built into the
appropriate topologies.
As mentioned previously there are many challenges in
IoT security regarding business. This paper [4] debates some
of these challenges and talks about IoT business analytics
security. The author’s research shows that almost all physical
devices will be connected by an IoT by the year 2020. All
major businesses are vying for the IoT market. Amongst this
market is the IoT security market which will be one of the
most imperative markets in the IoT driven digital marketplace
that the author’s research predicts. This article [5] aims to
present mature research or work-in-progress results in all areas
focused on security in IoT architecture based on business
processes and Business Analytics. It also discusses physical
linkage in IoT between devices. The authors speak about how
IoT device linkage can have real life application, such as
improving user experience. The article debates some problems
that businesses might face from a security perspective when
dealing with IoT, for example, hacker interception. It shows
the way to avoid this by saying that IoT for collaborative
business technologies must have a viable, efficient, and
resilient security solution, which helps businesses believe in
the IoT as a solution for collaborative technologies. Businesses
are aware of the financial and marketplace gain that IoT may
bring, but they are unsure of how to approach its
implementation. Article [6] proposes a method that businesses
might be able to use for implementing IoT internally.
The article hinges on partner collaboration and it shows how
they might benefit from it. It also demonstrates how this
method has integrated the IoT framework strategy category,
and its tactics.
All businesses must care for the financial side of things,
and this also applies to the IoT marketplace. Article [7]
discusses financial technology (FinTech), which employs
technological advancements and sharing economy models to
improve financing services. The article shows a proactive
FinTech model that speaks of actual costs and potential
benefits in real time, which its authors believe will offer
attractive service value. FinTech is a fast-growing technology
that has been implemented by many businesses, and IoT has the
potential to be combined with it, which will mix these two
business powerhouses into a useful financial business tool.
The article acknowledges that this type of IoT implementation
might be an invasion of people's privacy; it tries to outweigh
this drawback by arguing that some people might be willing to
accept the potential invasion of their privacy, stating that
most people will find the monetary benefit more appealing than
maximum privacy. It specifically states that implementation of
IoT will naturally invade people's privacy, but there will be
benefits that will render the decrease in privacy acceptable.
One example of such businesses is the oil and gas industry.
Article [8] discusses IoT business analytics security in this
specific field. This same knowledge can be transferred over to
other fields of industry, which ultimately means the
information can be applied to most businesses. The article
describes the economic trend of implementing already tried
and tested methods in the oil and gas industry with a
technological aspect, which helps simplify most tasks and
increases efficiency, cutting costs and increasing output. IoT
is a major way of facilitating tasks in these industries, in the
sense that IoT can be integrated into their infrastructure. The
article discusses IoT deployments and protocols, which relates
to IoT business analytics security. The current article deals
with a huge range of industries and cases by implementing an
equally huge number of devices and network communication
protocols, e.g. HTTPS, access control, etc.
III. PROPOSED APPROACH TO SECURE IOT
At first it may appear quite challenging to secure IoT, but
it can be achieved through planning at the beginning, since
considering security in the initial stage can solve
substantial IoT security issues. Generally, security is
implemented at the organizational level after understanding and
evaluating the overall risk related to the functionality of the
security policies and standards. By evaluating the data security
risks and the controls required to manage data with respect to
the devices they operate on, as well as device security, any
organization can resolve IoT security issues to the maximum
possible extent. This strategy simplifies the implementation
of any IoT framework and also provides the additional benefit
of applying and integrating existing proven security principles
into the current technological environment. Thus this strategy
involves a thorough understanding of the deployed components,
their restrictions and their implementation abilities. Every
IoT device is based on a network stack, mostly consisting of
wireless networking design and technology, and these IoT
devices have their own operating systems (OS). The OS
within the IoT devices could be locked down to secure them
from vulnerability to attacks and threats, which requires
regular monitoring of OS services or maintaining proper
infrastructure security based on possible remedies.
Vulnerabilities due to insecurity leave the OS in a compromised
situation, but protection can be achieved by constant vigilance
and organized maintenance programs or by using a firewall.
However, enabling security using this strategy is limited
to a system with few devices; with many devices it must be
automated and synchronized, which may
assist the system in avoiding human errors.
Since IoT devices rely on wireless technology based on
wireless Ethernet or Bluetooth for communications, these
technologies can use critical updates and revisions of software
to address prior vulnerabilities or use newer versions of the
framework to quickly address security threats. 1) The
framework is dependent on the encryption techniques applied
between the communicating points to ensure end-to-end
communication among the peers by using unique keys. 2)
Another layer of security requires any device attempting to
connect to the network to authenticate successfully, with the
authentication process implemented according to enterprise
preferences. 3) The
third important layer consists of controlling and dividing
communication paths, which is accomplished by grouping
devices based on network types and functionality (using
routers and switches). Bluetooth firewalls and IP-based
firewalls could be effective countermeasures against
cyber threats, apart from controlling other devices on the
network. Section IV discusses a suitable IoT
framework based on three layers which could serve as a secure
reference framework for IoT elements.
IV. A SECURE IOT ARCHITECTURE
The IoT has great potential; its main aim is to
transform the way different activities are performed and to
reform the living patterns of people in today's world. For
this reason the IoT architecture differs based on the type of
solution we intend to develop. The IoT technology framework
mainly consists of four basic components (Sensors, Devices,
Gateways and Clouds). But there are several kinds of
challenges associated with the IoT framework of devices and
also with the management of these devices. The focus of this
paper is the security issues and challenges from the IoT
perspective, which in turn is based on internet security issues
and security among layers. A detailed discussion is provided in
the section below. The composition of the IoT framework with
respect to the three layers (application layer, network layer
and perception layer) has to be studied to understand the
underlying issues and possible near solutions to make the
systems secure from attacks (refer to
Fig. 1) [11][12]. The major concerns in IoT development are
security and privacy issues, as illustrated in [13][14].
Security and privacy requirements play a primary role; they
involve access control through IoT networks, data
confidentiality and authentication, privacy [15][18] and trust
between things and users, and the reinforcement of privacy and
security regulations (refer to Fig. 2). The main requirement to
secure IoT is to ensure that the
data is available to authorized users at all times [19][20].
IoT has different applications with different economic impact
ranging from home to industry (Fig. 3) and it is remarkably
growing to allow the daily tasks to be a part of the global
network. As IoT grows, security challenges increase and the
approaches to secure the devices and the networks move
towards a greater autonomy in reacting to attacks and
perceiving threats, based on a systemic cognitive technique
[21]. Fig. 4 indicates the evolution of security requirements
[22]. Consequently, efficient security techniques are required
for embedded computing that are based on scarce resources,
applications and secure network protocols, such as
authentication techniques, credential and key management
[18][23]. Security plays an important role in IoT application
development. Also, IoT applications gather enormous amount
of data from a number of sensors (Fig. 5).
So, this data needs to be protected by information security
algorithms such as encryption, where most of this data is
personal [24][25], whereas the collection and usage of personal
data is a privacy IoT challenge on its own [26].

Fig. 1. IoT Architecture
Fig. 2. IoT Security Challenges
Fig. 3. Impact of IoT in Industries
Fig. 4. Evolution of security requirements
Fig. 5. Integration Requirements of IoT data (figure labels: Data collection; Security and Privacy; Services Semantics; Resources IoT Objects)

A. Perception Layer Security issues
The main enabling technologies utilized in this layer are
Radio Frequency Identification (RFID), Wireless Sensor
Network (WSN) and other types of identification and sensing
techniques. The most popular threat types faced by this
layer are [11]:
Malicious Node: In this type of security threat, a
malicious node is added to the existing system by the
antagonists, through which they can disseminate malicious
data over the network so as to infect the whole system.
Node Capture: The nodes that exist in the network
gateway have a greater potential to be exposed, which may
result in leakage of important information that risks the
entire network's security.
Replay Attack: In the replay attack, the antagonist
replays previous messages to the destination node in
order to compromise the authentication scheme and
network trust.
Distributed Denial of Service (DDoS) Attack: Denial of
Service (DoS) and DDoS attacks are the most popular and
the easiest attacks to conduct through networks. They
produce unavailability of services and
exhaustion of network resources.
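
The per-device unique keys and authentication step of Section III and the Malicious Node and Replay Attack threats listed above can be illustrated with a gateway-side check. This is an added example, not code from the paper; the frame layout, the choice of HMAC-SHA256 with a strictly increasing counter, and the names GatewayVerifier, make_frame and demo are assumptions made for illustration, and the keys and readings are constructed sample data.

```python
import hashlib
import hmac
import struct


class GatewayVerifier:
    """Gateway-side frame check: per-device key, HMAC tag, increasing counter."""

    def __init__(self, device_keys):
        self._keys = dict(device_keys)   # device_id -> that device's unique key
        self._last_counter = {}          # device_id -> highest counter accepted

    @staticmethod
    def tag(key, device_id, counter, payload):
        # Length-prefix the id and fix the counter width so field boundaries
        # are unambiguous in the authenticated bytes.
        msg = (struct.pack(">H", len(device_id)) + device_id
               + struct.pack(">Q", counter) + payload)
        return hmac.new(key, msg, hashlib.sha256).digest()

    def verify(self, device_id, counter, payload, tag):
        key = self._keys.get(device_id)
        if key is None:
            return "reject: unknown device"          # unregistered (malicious) node
        if not isinstance(counter, int) or not 0 <= counter < 2 ** 64:
            return "reject: malformed counter"
        expected = self.tag(key, device_id, counter, payload)
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return "reject: bad tag"
        # Only authenticated frames may move the counter forward.
        if counter <= self._last_counter.get(device_id, -1):
            return "reject: replayed or stale counter"
        self._last_counter[device_id] = counter
        return "accept"


def make_frame(key, device_id, counter, payload):
    """Device side: build (device_id, counter, payload, tag)."""
    return device_id, counter, payload, GatewayVerifier.tag(
        key, device_id, counter, payload)


def demo():
    # Constructed sample keys; real devices would be provisioned with random keys.
    keys = {b"sensor-01": bytes(range(32)), b"sensor-02": bytes(range(32, 64))}
    gw = GatewayVerifier(keys)
    results = []

    f1 = make_frame(keys[b"sensor-01"], b"sensor-01", 1, b"temp=21.5")
    results.append(gw.verify(*f1))          # first delivery
    results.append(gw.verify(*f1))          # same frame captured and replayed

    f2 = make_frame(keys[b"sensor-01"], b"sensor-01", 2, b"temp=21.7")
    tampered = (f2[0], f2[1], b"temp=99.9", f2[3])
    results.append(gw.verify(*tampered))    # payload altered in transit
    results.append(gw.verify(*f2))          # genuine frame still accepted

    rogue = make_frame(b"\x00" * 32, b"sensor-99", 1, b"temp=0")
    results.append(gw.verify(*rogue))       # node that was never enrolled

    forged = make_frame(keys[b"sensor-02"], b"sensor-01", 3, b"temp=5")
    results.append(gw.verify(*forged))      # one device posing as another
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because the tag is checked before the counter, a tampered frame cannot advance the stored counter and lock out the genuine device.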
B. Network and Transformation Layer Security issues
The main threats in this layer are Network Intrusion,
Man-in-the-middle, eavesdropping, and DoS/DDoS. These
threats relate to integrity, confidentiality, and availability
[15][25].
Issues of Scalability: IoT includes a huge number of
devices, sometimes large in size, and these may
leave or enter the network many times, thus increasing
challenges such as network congestion, lack of
authentication and authorization, a sharing
environment, etc. It also consumes more resources.
Heterogeneity: This makes the system vulnerable. The
main reason the system suffers from heterogeneity is the
involvement (and utilization) of various technologies
[27]; network coordination and protocol security are
difficult to preserve.
Data Revelation: The antagonist may be able to get
sensitive data from the network by utilizing social
engineering mechanisms. Although the IoT network has
a lot of devices that have a huge amount of data, it is
easy to retrieve the information from the nodes utilizing
certain information retrieval mechanisms.
C. Application Layer Security issues
This layer requires different security levels according to
the application requirements, which makes securing
applications complicated and hard. The security and privacy
issues at this layer are [12]:
Privacy: Personal privacy should be guaranteed for
each connection; at times the methods that are
utilized to process and analyze the data may be weak,
which can cause data loss and do huge damage to the
system over a long period.
Data Management: As the data collected in the system
is huge, its complexity grows, which leads to a lot of
resources being exhausted, complicated
mechanisms for data management, and possibly
data loss.
Node identification and Mutual authentication: For
identifying the node to perform authentication, different
degrees of access privileges are required in each
application, depending on the number of users
allowed by a specific application. This creates a serious
requirement for an effective authentication scheme to
be implemented and utilized to prohibit any illegal
access.
Specific Vulnerabilities of Application: There exist
threats or vulnerabilities that can be used by the
antagonists, resulting in the development of application
modules anonymous to the user.
V. CONCLUSION
Today it is estimated that over 23 billion IoT connected
devices exist worldwide, and this is anticipated to rise to
30 billion in the near future, within a year or two (by 2020),
and to more than 60 billion by 2025. This gigantic wave of new
IoT gadgets is cost-effective. As the number of IoT connected
devices continues to escalate in the upcoming years, so will
the associated threats to data privacy and security.
So, there is a tremendous need for
implementing security throughout the platforms being used to
integrate IoT devices.
To summarize, it is necessary to be thoughtful and to choose
an IoT device based on the security that the device can
provide. To design a secure IoT framework,
it is important to identify the limitations of the IoT device
and consider the network infrastructure, the categories of
vulnerabilities and the possibilities of organizational risks.
It is required to build up a strong network foundation to
support IoT elements so that, even though they grow fast in the
network environment, the
threats can still be managed effectively and conveniently.
As future work, our aim is to develop a real
implementation of a secure IoT framework, illustrate
how to address IoT security threats using wireless network
simulation, and present the potential importance of
supporting authenticated access to critical information.
ACKNOWLEDGEMENTS
We are thankful to the Head of Department of Computer
Sciences and the Research Unit of College of Computer and
Information Sciences, Princess Nourah Bint Abdulrahman
University for all the encouragement and support they have
extended to carry out the research activities at the department
and college level. We would like to extend our sincere thanks
for the research awareness and motivation they have
developed for women empowerment. I also extend my sincere
gratitude towards their constant cooperation and guidance to
get the required resources and information for the research.
REFERENCES
1. Hui Suo, Jiafu Wan, Caifeng Zou, Jianqi Liu, “Security in the Internet
of Things: A Review”, International Conference on Computer Science
and Electronics Engineering, IEEE Xplore Digital Library, 2012.
2. Fabián Constante Nicolalde, Fernando Silva, Boris Herrera,
António Pereira, “Big Data Analytics in IOT: Challenges, Open
Research Issues and Tools”, World Conference on Information Systems
and Technologies, Trends and Advances in Information Systems and
Technologies, 2018, pp. 775–788.
3. Andreas P. Plageras, Kostas E. Psannis, “Algorithms for Big Data
Delivery over the Internet of Things”, IEEE 19th Conference on
Business Informatics (CBI), IEEE Xplore Digital Library, 2017.
4. Sachchidanand Singh, Nirmala Singh, “Internet of Things (IoT):
Security challenges, business opportunities & reference architecture for
E-commerce”, International Conference on Green Computing and
Internet of Things (ICGCIoT), IEEE Xplore Digital Library, 2015.
5. Layth Sliman, Hachemi Nabil Dellys, “Security, Safety and
Confidentiality in IoT for Collaborative Business Technologies (SSCIoT
Track of WETICE 2018)”, IEEE 27th International Conference on
Enabling Technologies: Infrastructure for Collaborative Enterprises
(WETICE), IEEE Xplore Digital Library, 2018.
6. Hwaiyu Geng, “IoT Business Models”, Internet of Things and Data
Analytics Handbook, IEEE Xplore Digital Library, 2017.
7. Zahraa Marafie, Kwei-Jay Lin, Yanlong Zhai, Jing Li, “ProActive
Fintech: Using Intelligent IoT to Deliver Positive InsurTech Feedback”,
IEEE 20th Conference on Business Informatics (CBI), IEEE Xplore
Digital Library, 2018.
8. Cristian Toma, Marius Popa, “IoT Security Approaches in Oil & Gas
Solution Industry 4.0”, Informatica Economica Academic Journal, vol.
22, no. 3/2018.
9. Aakanksha Tewari, B.B. Gupta, “Security, privacy and trust of different
layers in Internet of Things (IoTs) framework”, Future Generation
Computer Systems, May 2018. Available [Online]
https://doi.org/10.1016/j.future.2018.04.027
10. Jianwei Hou, Leilei Qu, Wenchang Shi, “A survey on internet of things
security from data perspectives”, Computer Networks Journal, in press,
Dec 2018. https://doi.org/10.1016/j.comnet.2018.11.026
11. Miao Wu, Ting-Jie Lu, Fei-Yang Ling, Jing Sun, Hui-Ying Du,
“Research on the architecture of Internet of Things”, in: Proceeding of
2010 3rd International Conference on Advanced Computer Theory and
Engineering (ICACTE), 2010, pp. 484–487.
12. Zhihong Yang, Yingzhao Yue, Yu Yang, Yufeng Peng, Xiaobo Wang,
Wenji Liu, “Study and application on the architecture and key
technologies for IoT”, in Proceeding of 2011 International Conference
on Multimedia Technology (ICMT), 2011, pp. 747–751.
13. Ying-Cong Zhang, Jing Yu, “A study on the fire IOT development
strategy”, Procedia Engineering, Vol. 52, 2013, pp. 314–319.
14. Rishika Mehta, Jyoti Sahni, Kavita Khanna, “Internet of Things:
Vision, Applications and Challenges”, International Conference on
Computational Intelligence and Data Science (ICCIDS 2018), Procedia
Computer Science, Vol. 132, 2018, pp. 1263–1269.
15. S. Sicari, A. Rizzardi, L.A. Grieco, A. Coen-Porisini, “Security, privacy
and trust in Internet of Things: The road ahead”, Computer Networks
Journal, Vol. 76, 2015, pp. 146–164.
16. Mardiana binti Mohamad Noor, Wan Haslina Hassan, “Current
research on Internet of Things (IoT) security: A survey”, Computer
Networks Journal, in press, Dec 2018.
https://doi.org/10.1016/j.comnet.2018.11.025
17. Kazi Masum Sadique, Rahim Rahmani, Paul Johannesson, “Towards
Security on Internet of Things: Applications and Challenges in
Technology”, The 9th International Conference on Emerging Ubiquitous
Systems and Pervasive Networks (EUSPN 2018), Procedia Computer
Science, Vol. 141, 2018, pp. 199–206.
18. Mahmoud Ammar, Giovanni Russello, Bruno Crispo, “Internet of
Things: A survey on the security of IoT frameworks”, Journal of
Information Security and Applications, Vol. 38, 2018, pp. 8–27.
19. Kevin Ashton, “Internet of Things”, RFiD Journal, 2009.
20. Huansheng Ning, Ziou Wang, “Future Internet of Things Architecture:
Like Mankind Neural System or Social Organization Framework?”,
IEEE Communications Letters, Vol. 15, No. 4, 2011, pp. 461–463.
21. Hugh Boyes, Bil Hallaq, Joe Cunningham, Tim Watson, “The
industrial internet of things (IIoT): An analysis framework”, Computers in
Industry Journal, Vol. 101, 2018, pp. 1–12.
22. Arbia Riahi Sfar, Enrico Natalizio, Yacine Challal, Zied Chtourou, “A
roadmap for security challenges in the Internet of Things”, Digital
Communications and Networks, Vol. 4, 2018, pp. 118–137.
23. Luigi Atzori, Antonio Iera, Giacomo Morabito, “The Internet of
Things: A survey”, Computer Networks Journal, Vol. 54, No. 15, 2010,
pp. 2787–2805.
24. Ira S. Rubinstein, “Big Data: The End of Privacy or a New Beginning?”,
International Data Privacy Law, Vol. 3, No. 2, 2013, pp. 74–87.
25. Christos Stergiou, Kostas E. Psannis, Brij B. Gupta, Yutaka
Ishibashi, “Security, privacy & efficiency of sustainable Cloud
Computing for Big Data and IoT”, Sustainable Computing: Informatics
and Systems, Vol. 19, 2018, pp. 174–184.
26. Xavier Caron, Rachelle Bosua, Sean B. Maynard, Atif Ahmad, “The
Internet of Things (IoT) and its impact on individual privacy: An
Australian perspective”, Computer Law & Security Review Journal,
Vol. 32, 2016, pp. 4–15.
27. Dr. Kahkashan Tabassum, Dr. A. Damodaram and S.V.S. Rama
Krishnam Raju, “An Energy-Efficient New Hierarchical Stable Election
Protocol for Wireless Sensor Networks”, Proceedings of 2nd
International Conference on Recent Advances in Design, Development
and Control of Micro-Air-Vehicles IC-RA-MAV-2013.
