IEEE INTERNET OF THINGS JOURNAL, VOL. 5, NO.

4, AUGUST 2018 2483

Evaluating Critical Security Issues of the IoT

World: Present and Future Challenges
Mario Frustaci, Pasquale Pace , Member, IEEE, Gianluca Aloi, Member, IEEE,
and Giancarlo Fortino, Senior Member, IEEE

Abstract—Social Internet of Things (SIoT) is a new paradigm (which support major Internet platforms and services such as
where Internet of Things (IoT) merges with social networks, PayPal, Twitter, VISA, etc.) through a botnet consisting of
allowing people and devices to interact, and facilitating infor- a large number of vulnerable IoT devices (such as printers,
mation sharing. However, security and privacy issues are a great
challenge for IoT but they are also enabling factors to create IP cameras, residential gateways, and baby monitors) that had
a “trust ecosystem.” In fact, the intrinsic vulnerabilities of IoT been infected by the Mirai malware. With an estimated load of
devices, with limited resources and heterogeneous technologies, 1.2 terabits per second, the attack is, according to experts, the
together with the lack of specifically designed IoT standards, largest DDoS on record [5]. In addition, in the same period,
represent a fertile ground for the expansion of specific cyber researchers uncovered a flaw in the radio protocol ZigBee [6]
threats. In this paper, we try to bring order on the IoT security
panorama providing a taxonomic analysis from the perspective of that has been shown and demonstrated by using an aerial drone
the three main key layers of the IoT system model: 1) perception; to target a set of smart Philips light bulbs in an office tower,
2) transportation; and 3) application levels. As a result of the infecting the bulbs with a virus that let the attackers to turn
analysis, we will highlight the most critical issues with the aim the lights on and off flashing an “SOS” message in Morse
of guiding future research directions. code; moreover, this malware was also able to spread like a
Index Terms—Cyber threats, Internet of Things (IoT), IoT pathogen among the devices neighbors.
protocols, IoT security, IoT system model, trust. Finally, another matter of concern for IoT, is the privacy
in the protection of the personal data collected by such IoT
systems since it is necessary to provide full awareness and
control of the automatic data flow to the generic end user.
I. I NTRODUCTION Starting from this worrying and challenging context, this
N THE next future, the Internet of Things (IoT) paradigm paper discusses the current status and how to design IoT secu-
I will involve billion of smart-devices with processing, sens-
ing and actuating capabilities able to be connected to the
rity. In Section II, we discuss about a generic model for IoT
Systems with specific reference to threats. In Section III, we
Internet [1], [2]. Integrating social networking concepts into define the concept of trust and its importance in IoT to create
the IoT has led to the Social IoT (SIoT) concept which enables social relationships between unknown entities. In Section IV,
people and connected devices to interact, facilitating infor- we define how security must be correctly designed to sup-
mation sharing [3]. However, interoperability [4], security, port the IoT paradigm by exhibiting some generic policies
and privacy issues are a great challenge for IoT but they and strategies which should be redesigned to address spe-
are also enabling factors to create a “trust and interopera- cific characteristics of IoT world (i.e., limited resources and
ble ecosystem.” In fact, not solving these issues, the SIoT technological heterogeneity). A key step to include security
paradigm will not reach enough popularity and all its potential in IoT Systems is also related to the secure communication
can be lost. protocols used in a way that data in transit are confiden-
Security issue is emphasized by the lack of standards tial, reliable, and available by preventing cyber attacks. In
specifically designed for devices with limited resources and fact, in Section V we analyze some widely used IoT pro-
heterogeneous technologies. In addition, these devices, due to tocols dealing with security issues and describing innovative
many vulnerabilities, represent a “fertile ground” for existing solutions presented in the scientific literature. Finally, in
cyber threats. In fact, at the end of 2016, there were distributed Section VI we discuss where it should be directed the scientific
denial of service (DDoS) attacks to the DNS provider Dyn research in the near future to solve the most serious security
IoT issues.
Manuscript received July 15, 2017; revised September 27, 2017; accepted
October 17, 2017. Date of publication October 27, 2017; date of current
version August 9, 2018. This work was supported by the European Union
under the framework of INTER-IoT Research and Innovation action - Horizon II. T HREATS IN I OT S YSTEM M ODEL
2020 European Project, Grant Agreement 687283. (Corresponding author:
Pasquale Pace.) A generic IoT system can be fully represented and described
The authors are with the Department of Informatics, Modeling, Electronics by using three main key layers: 1) perception; 2) trans-
and System Engineering, University of Calabria, 87036 Rende, Italy portation; and 3) application. Each of these system levels
(e-mail: [email protected]; [email protected];
[email protected]; [email protected]). summarized in Fig. 1 has its own specific technologies that
Digital Object Identifier 10.1109/JIOT.2017.2767291 bring issues and some possible security weaknesses. In fact,
2327-4662 c 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
2484 IEEE INTERNET OF THINGS JOURNAL, VOL. 5, NO. 4, AUGUST 2018

B. Transportation Layer
Transportation layer mainly provides ubiquitous access
environment for the perception layer. The purpose of this layer
is to transmit the gathered information, received from the per-
ception layer, to any particular information processing system
through existing communication networks used by both access
networks (3G, WiFi, ad hoc network, etc.) or core networks
(Internet).
In [9], there is a brief overview of security issues in wireless
networks such as cellular networks. According to this paper,
the open and heterogeneous architecture of an IP-based LTE
network, is resulting in increasing number of security threats
compared to the 3G networks.
Generally, at this level, the main security threats are as
Fig. 1. IoT system model.
follows.
1) Routing Attacks: Intermediate malicious nodes (e.g., in
in [7] the security problems of each layer are analyzed a WSN) might modify the right routing paths during the
separately by looking for new robust and feasible solutions. data collection and forwarding process.
2) DoS Attacks: Because of the heterogeneity and complex-
ity of IoT network, the transportation layer is vulnerable
A. Perception Layer
to get attacked.
The first layer is related to the physical IoT sensors to 3) Data Transit Attacks: Various attacks on the confiden-
support data collection and processing on different common tiality and integrity during data transit in access or core
technologies such as radio-frequency identification (RFID), networks.
wireless sensor network (WSN), RFID sensor network (RSN),
and GPS. This layer includes sensors and actuators to perform
different measurements (i.e., temperature, acceleration, humid- C. Application Layer
ity, etc.) and functionalities such as querying location [8]. Due The application layer provides the services requested by
to the limited node resources and distributed organized struc- customers. For instance, the application layer can provide
ture, the main security threats coming from the perception temperature and air humidity measurements to the customers
layer are as follows. asking for such data. The importance of this layer for the
1) Physical Attacks: These kinds of attacks are focused on IoT is that it has the ability to provide high-quality smart
the hardware components of the IoT system and the services to meet customers’ needs. Many different IoT envi-
attacker needs to be physically close or into the IoT ronments (i.e., smart city, smart healthcare, and smart factory)
system in order to make the attacks working. Some can be implemented within this level; moreover, an applica-
examples of these attacks are as follows. tion support sublayer, to support all sorts of business services
a) Node Tampering: The attacker can cause damage and to realize intelligent computation and resources alloca-
to a sensor node, by physically replacing the entire tion, could be implemented throughout specific middleware
node or part of its hardware or even electronically and cloud computing platforms.
interrogating the nodes to gain access and alter The main security threats within this layer are as follows.
sensitive information, such as shared cryptographic 1) Data Leakage: The attacker can easily steal data (also
keys or routing tables. data user, e.g., user password) by knowing vulnerabili-
b) Malicious Code Injection: The attacker compro- ties of the service or application.
mises a node by physically injecting it with mali- 2) DoS Attack: Attackers can destroy the availability of the
cious code that would give him access to the IoT application or service itself.
system. 3) Malicious Code Injection: Attackers can upload mali-
2) Impersonation: Authentication in the distributed envi- cious codes in software applications exploiting the
ronment is very difficult, allowing malicious nodes to known vulnerabilities.
use a fake identity for malicious or collusion attacks
3) Denial of Service (DoS) Attacks: Attackers exploit the
finite processing ability of the nodes, making them III. T RUST IN THE I OT W ORLD
unavailable. Trust management has been proven to be a useful tech-
4) Routing Attacks: Intermediate malicious nodes (e.g., in nology for providing security service and, as a consequence,
a WSN) might modify the right routing paths during the has been used in many applications such as collaborative Web-
data collection and forwarding process. based platforms [10], social media [11], semantic Web [12], or
5) Data Transit Attacks: Various attacks on the confiden- online shopping [13].
tiality and integrity during data transit [e.g., sniffing and For the IoT world, the development of trust mechanisms
man-in-the-middle (MITM)]. is fundamental to help people to overcome perceptions of

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
FRUSTACI et al.: EVALUATING CRITICAL SECURITY ISSUES OF IoT WORLD: PRESENT AND FUTURE CHALLENGES 2485

TABLE I
T HREATS IN I OT S YSTEM M ODEL about others) and b) opportunism (transacting partners
have different goals).
2) Excellent Flexibility: Trust mechanisms can deal with
changeable security condition and personalized security
request. Users or nodes can define personalized policies
to evaluate whether an object is trusted or not. Every
participant can define one or multiple policies to perform
decision-making according to their request.
3) Better Efficiency: Trust management systems must be
lightweight enough to provide a good performance
taking into account energy constrains of several sen-
sor nodes. For example, for the routing process, sen-
sor nodes might need to know which other nodes
to trust when forwarding a packet, so as to choose
whether to send the information either through the
fastest link or through the nodes that have spent less
uncertainty and risk in using IoT services and applica- energy. Furthermore, the bandwidth can be evaluated by
tions [14], [15], [19]. Especially, in SIoT, trust plays a key trust value so as to select routing properly to balance
role in establishing trustworthy social relationships between the load.
unknown entities. In fact, in this context, IoT devices mimic 4) Uniforming Decision-Making for Heterogeneous IoT:
autonomously the social behavior of their human counter- Trust can be supported across multiple IoT domains
parts according to the owners’ social networks and build up based on trust chain technology.
social relationships with other trust devices in order to provide 5) Compatibility Between Trust and Security: In fact, a trust
services to the humans. management system can assist and/or take advantage of
other security protocols and mechanisms [e.g., key man-
A. Trust Properties agement, intrusion detection system (IDS), and privacy].
For example, regarding the key management systems,
Trust is a very complicated concept that is influenced by a node can use the trust measurements to revoke the
many measurable and nonmeasurable properties. It is strictly keys of an untrusted entity. In this regard, the work
related to security since ensuring system security and user in [18] proposes an adaptive trust management proto-
safety is a necessity to gain trust. However, trust is more than col for SIoT systems to enhance the security against
security. Another important concept related to trust is privacy malicious attacks.
that is the ability of an entity to determine whether, when, and
to whom information about itself is to be released or disclosed.
The properties influencing a trust decision can be classified C. Trust Management Goals
into five categories [16]. To provide trustworthy IoT system, trust management in IoT
1) Trustee’s objective properties, such as a trustee’s secu- should achieve the following objectives grouped in different
rity, dependability (reliability, maintainability, usability, categories [16].
and safety) and privacy preservation. 1) Layer Goals:
2) Trustee’s subjective properties, such as trustee honesty, a) Data Perception Trust: Data sensing and collection
benevolence and goodness. should be reliable in IoT (perception layer goal).
3) Trustor’s subjective properties, such as trustor disposi- b) Data Communication Trust: Data should be
tion and willingness to trust. securely transmitted in the IoT systems (perception
4) Trustor’s objective properties, such as the criteria or and transportation layer goal).
policies specified by the trustor for a trust decision. c) Data Fusion and Mining Trust: Data collected
5) Context: The situation or environment (time, place, and in IoT should be processed and analyzed in a
involved entities) in which the entities operate. Trust is trustworthy way, e.g., with regard to privacy preser-
different depending on the context: the trust relationships vation and accuracy (application layer goal).
of a IoT device in a controlled environment are different d) Quality of IoT Services: This objective should be
from those a public space where there are unknown and ensured through “only here, only me and only
untrusted entities. now” services (application layer goal).
e) Human–Computer Trust Interaction: To support
B. Importance of Trust user usability using IoT services (application layer
The main advantages of introducing trust mechanism into goal).
IoT are as follows [17]. 2) Cross-Layer Goals:
1) Certainty in Collaboration: Uncertainty is originated a) Generality: Trust management for various IoT
basically from two sources: a) information asymmetry systems and services should be generic in order
(a partner does not have all the information it needs to be widely applied.

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
2486 IEEE INTERNET OF THINGS JOURNAL, VOL. 5, NO. 4, AUGUST 2018

b) Trust Relationship and Decision: It is necessary a

Trust relationship evaluation for all IoT entities in
order to make the best decision for intelligent and
autonomic trust management.
c) System Security and Robustness: System security
and dependability are fundamentals to gain user
confidence.
d) Privacy Preservation: User privacy must be
preserved according to user policy.
e) Identity Trust: Entities identities should be well
managed in a trustworthy way considering the
objective properties of IoT system (e.g., identity
Fig. 2. CIA security model.
privacy) and subjective properties of IoT entities
(e.g., user belief) and context that may influence attacks on the services like DoS attack can deny data avail-
identity management policies. ability. The most famous mechanisms to protect availability
Only addressing these goals, it is possible to achieve a are: firewall, IDS, and redundancy methods.
comprehensive and holistic trust management for IoT.

B. Traditional IT Security Versus IoT Security

IV. I OT S ECURITY
A fundamental issue in IoT world is that most of the IoT
Security in IoT devices is often neglected or treated as
devices are “closed,” thus, customers cannot add security soft-
an afterthought from the IoT manufacturers. This is mostly
ware once the devices have been shipped from the factory.
due to the short time to market and costs reduction driv-
For such reasons, security has to be built into IoT devices
ing the device’s design and development process. The few
so that they are “secure by design” (“built-in security”). In
devices that support some protection usually employ software
other words, for IoT devices, the security concept must evolve
level solutions, such as firmware signing. However, focusing
from “add-on security” in which security is just added on the
the attention on the software-based protection schemes often
existing systems such as servers or PCs (traditional IT).
leaves the hardware unintentionally vulnerable (e.g., debug
Another important issue is related to the fact that, in general,
interfaces open), allowing for new attacks; as a reference
an IoT system is composed by nodes with limited hardware
example, the work in [20] clearly demonstrated that a non-
and software resources (i.e., sensor or RFID nodes), while
secure hardware platform will inevitably lead to a nonsecure
traditional IT is mostly based on resources rich devices. So,
software stack.
in the IoT world, only lightweight algorithms can be used,
In this section, we discuss about the design of security
in most of the cases, to find a right balance between higher
techniques for IoT systems and devices also highlighting the
security and lower capabilities.
differences with traditional IT security. In addition, we pro-
In addition, the broad heterogeneity that characterizes the
vide useful policies to secure IoT systems from some standard
IoT devices is a common feature, easily observable in every
threats summarized in Table I.
functional element (identification, sensing, communication,
computation, service, and semantic) [21]. In fact, in the future
A. Security Goals: CIA Security Model there will be many kinds of things potentially connecting to
The security triad, a distinguished model for the devel- the Internet, ranging from cars, robots, fridges, mobile phones,
opment of security mechanisms, implements the security by to shoes, plants, watches, and so on. These kinds of things,
making use of three main areas which are: data confiden- with different technologies, will generate also large volumes
tiality, integrity, and availability (CIA security model, shown of heterogeneous data poorly manageable [22]–[24]. However,
in Fig. 2). the negative aspect of security is related to the increase of the
Data confidentiality is the ability to provide confidence attack surface: many heterogeneous technologies, coupled with
to user about the privacy of the sensitive information by their related issues, can bring also security weaknesses.
using different mechanisms so that its disclosure to the unau- Moreover, in IoT system model, the perception layer is the
thorized party is prevented and can be accessed by the most complicated to be protected because: 1) technological
authorized users only. Data confidentiality is usually sup- heterogeneity determines difficulty of using only one kind of
ported through different mechanisms such as data encryption security technology and 2) the perceptual environment is often
or access control. open, and thus, security strategies, previously used in closed
Data integrity refers to the protection of useful information environments, can cause problems in the open environment.
from the cybercriminals or the external interference during On the other side, considering the application layer, privacy
data transit or rest through some common methods like data issues are more challenging because IoT applications are used
integrity algorithms preventing data alteration. in our everyday life and they gather our private information
Data availability ensures the immediate access of autho- every second automatically to make our life easier. In fact,
rized party to their information resources not only in the these IoT applications can even control our everyday life envi-
normal conditions but also in disastrous conditions. The ronment and this can bring great potential security problems if

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
FRUSTACI et al.: EVALUATING CRITICAL SECURITY ISSUES OF IoT WORLD: PRESENT AND FUTURE CHALLENGES 2487

TABLE II
T RADITIONAL IT S ECURITY V ERSUS I OT S ECURITY successfully deployed. In this context, it is extremely
useful to ensure the credibility in the relationships
among IoT devices or between those devices and the
users.
However, the security requirements for IoT cannot be
achieved by simply putting specific solutions from each layers
together. In fact, it is necessary to consider IoT system as a
whole system and security can be thought of as a chain that
is robust as much as its weakest link.
Therefore, to improve IoT security, we also need to have
some cooperation between different layers by designing secu-
rity solutions for cross layers usage overcoming heterogeneous
integration issues. In this sense, interoperability [25]–[27] can
become one of the enabling factors for IoT security.

we lose control of them. Moreover, due to the lack of specific V. I SSUES AND S ECURITY S OLUTIONS FOR
security software (e.g., antivirus and IDS), the IoT world is I OT C OMMUNICATION P ROTOCOLS
surely less secure than traditional IT. A key step to include security in IoT Systems is also related
In summary, IoT systems are deployed in more danger- to the secure communication protocols used in a way that data
ous and heterogeneous environments with limited resources in transit are confidential, reliable and available by preventing
and also with less security guards. So we need to imple- cyber attacks.
ment lightweight solutions to deal with such more dangerous By looking the context from the protocol point of view,
environments with a large attack surface. Table II resumes IoT protocols can be divided into three main levels [28]:
the main differences between traditional IT and IoT security 1) physical access; 2) network; and 3) service and applica-
requirements and application contexts. tion. In this section, we revise the most used communication
protocols also describing issues and some innovative solutions
C. Multilayer and Cross Layer Security for IoT System proposed in the scientific literature. Table III summarizes all
the considered IoT protocols and the related issues also high-
According to the presented IoT system model, security must
lighting the possible standard and novel solutions in each of
be developed at different layers. Here we describe the appro-
the different levels.
priate security policies and strategies which provide a certain
reference value for the practical application to IoT scenarios.
Security policies within each layer must consider the fol- A. Physical Access Level
lowing basic mechanisms. This level is composed by physical and MAC layer pro-
1) Hardware Security: Using cryptographic coprocessor tocols of the well known ISO/OSI architecture. In the IoT
or anti-tampering technologies (e.g., chip or memory arena, the most used radio technologies to communicate are
protection, self-destruction, etc.). wireless such as IEEE 802.15.4, BLE, IEEE 802.11/WiFi, and
2) Access Control and Authentication System: To prevent LTE. While in wired networks, the communicating nodes are
the access to IoT sensor nodes or application from physically connected through cables, in wireless networks they
unauthorized users. are extremely vulnerable due to the broadcast nature of the
3) Data Encryption Mechanisms: Guaranteed by symmetric wireless medium. Explicitly, wireless networks are prone to
and asymmetric encryption algorithms that should be malicious attacks, including eavesdropping attack, DoS attack,
used during data transit and storage. spoofing attack, MITM attack, message falsification/injection
4) Secure Routing: To ensure the correct route discovery attack, etc. Cryptographic techniques assume that the eaves-
also building and maintaining target even when network dropper has limited computing power and rely upon the
threats and attacks happen. computational hardness of their underlying mathematical prob-
5) Risk Assessment: To discover the new system threats lems. Recently, physical-layer security is emerging as a
preventing the security breaches and determining the promising means of protecting wireless communications to
best security strategies. achieve information-theoretic security against eavesdropping
6) Intrusion Detection System: To detect local and network attacks. The physical layer encryption exploits the features of
intrusion (e.g., in WSN). It is also useful to have DDoS the physical wireless channel for its security by communica-
attack detection and prevention mechanisms. tions, signal processing, and coding techniques [29].
7) Anti-Malware Solution: To detect and prevent malicious In the following, the most common communication proto-
code update in the device firmware (e.g., sensor node) cols used by IoT devices, are presented according to the radio
or in service or application itself. coverage range.
8) Firewall: To block unauthorized hosts. 1) IEEE 802.15.4: This communication standard defines
9) Trust Management System: To ensure that the security the operation of low-rate wireless personal area networks. It
goals are enforced and the security mechanisms are is at the basis of the ZigBee technology. The 802.15.4 security

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
2488 IEEE INTERNET OF THINGS JOURNAL, VOL. 5, NO. 4, AUGUST 2018

TABLE III
I OT P ROTOCOLS : I SSUES AND S OLUTIONS

layer is handled at the media access control layer, below the its previous versions. Bluetooth low-energy (BLE) version
application control. The specification does not support security 4.2 is more secure compared with earlier versions. In fact,
for acknowledgment packets; other packet types can option- it is able to create the so called LE secure connections
ally support integrity protection and confidentiality protection using elliptic curve Diffie–Hellman public key cryptography
for packets data field. The 802.15.4 specification defines dif- which offers significantly stronger security compared to the
ferent security suites that can be classified according to the original BLE key exchange protocol [36], [37]. In addition,
following proprieties: no security, encryption only [advanced BLE also provides replay protection via the SignCounter field
encryption standard (AES)-CTR], authentication only (AES- for authenticated data over an unencrypted channel and pri-
CBC-MAC), and encryption and authentication (AES-CCM). vacy services by frequently changing the BLE device address
The AES-CBC-MAC cipher suite ensures the authentication to avoid being tracked. BLE has two primary components,
of the frame including a 32, 64, or 128 bits message integrity the controller (PHY and link), and the host (upper layers).
code (MIC) behind the payload. The AES-CTR enables Message confidentiality is typically achieved by encrypting
encryption with cipher block of 128-byte length to guarantee the payload portion of a frame. The header information is
confidentiality. The AES-CCM combines authentication with not encrypted. At the controller, link layer security in BLE
AES-CBC-MAC followed by encryption with AES-CTR. provides confidentiality and integrity via AES-CCM. Data
Regarding the keys management process, three kinds of keys channel packet data units (PDUs) are authenticated with a
are defined. 4-byte MIC. The encryption is done over the data channel
1) The master key, initially predistributed to all the nodes PDU payload and the MIC. Advertising channel PDUs are
of the network. not encrypted or authenticated and this provides opportunities
2) The network key shared by the legitimate nodes after for a range of attacks like inference attacks, eavesdropping,
authorization and authentication services provided by the message modification and packet injection with incorrect con-
upper layers. trol sequences. To secure all data, including the meta-data,
3) The link key established between neighbor legitimate an innovative approach is based on the black network con-
nodes. cept. Adversaries should not be able to determine the source,
So as requirements, the master key must be physically secured the destination, the frame sequence number or the replay
to avoid node tampering because the attacker capable to get counter. The resulting link layer advertising and data PDUs
this key can take the control of the whole IEEE 802.15.4 are BLE compatible but with a decreased routing and payload
network [35]. efficiency [30]. Finally, to assess the vulnerability of BLE
2) Bluetooth Low-Energy: This communication technology technology, researchers have shown that BLE technology
uses a short range radio with a minimal amount of power presents high vulnerabilities due to its specific authentication
to operate for a longer time (even for years) compared to mechanism [31].

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
FRUSTACI et al.: EVALUATING CRITICAL SECURITY ISSUES OF IoT WORLD: PRESENT AND FUTURE CHALLENGES 2489

3) IEEE 802.11/WiFi: The family of Wi-Fi networks layer confidentiality, integrity and authentication through IPsec
mainly based on the IEEE 802.11 b/g/n standards is explo- protocol.
sively expanding. This technology uses WEP, WPA, or In IPv6, the secure neighbor discovery (SEND) protocol
WPA2 protocols to implement authentication and encryption is a security extension of the neighbor discovery proto-
processes. WEP uses a 64- or 128-bit encryption key that must col (NDP), used in IPv6 for the discovery of neighboring
be manually entered on wireless access points and devices nodes on the local link. NDP determines the link layer
and does not change while the temporal key integrity proto- addresses of other nodes, finds available routers, maintains
col (TKIP) has been adopted for WPA employing a per-packet reachability information, performs address resolution and
key that dynamically generates a new 128-bit key for each detects address duplication. SEND enhances this insecure
packet to prevent attacks that compromised WEP. Finally, the protocol by employing cryptographically generated addresses
protocol used by WPA2, based on the advanced encryption (CGAs) to encrypt NDP messages. This method is inde-
standard (AES) cipher is significantly stronger in protection pendent of IPSec, which is typically used to secure IPv6
for both privacy and integrity than the RC4-based TKIP used transmissions. The introduction of CGA helps to nullify neigh-
by WPA. In particular, both WPA and WPA2 use the same bor/solicitation/advertisement spoofing, neighbor unreachabil-
authentication system. Enterprise networks use EAP protocol ity detection failure, DOS attacks, router solicitation, and
for mutual authentication through a RADIUS server, whilst, advertisement and replay attacks. Using IPv4, it is fairly easy
for home and small office networks, preshared key (PSK) pro- for an attacker to redirect traffic between two legitimate hosts
tocol is used. In addition, WPA adopts Michael algorithm for and manipulate the conversation or at least observe it but IPv6
data integrity but WPA2 implements a more robust, efficient makes this very difficult [34].
and stronger algorithm, CBC-MAC. In [32], a comparative 2) 6LoWPAN: Since IoT system is also composed by
study of WPA and WPA2 in terms of security methods used WSNs, the Internet protocol (IP) is not suitable for such
and throughput, is presented drawing the main conclusions on resource constrained devices. Thus, 6LoWPAN protocol pro-
how WPA2 has less reduction on network throughput than vides an adaptation layer to connect the IP world to the
WPA due to its encryption algorithm (CCMP) which is highly resource constrained devices enabling the access of the sensor
improved compared to TKIP. networks world to the Internet. In the OSI abstraction model,
4) LTE: This communication technology is the long term 6LoWPAN is an adaptation layer located between the network
evolution standard for cellular technology based on the layer and the link layer. 6LoWPAN achieves low overhead
Universal Mobile Telecommunications System (UMTS). For by applying cross-layer optimization and compression of the
the LTE network, two standardized algorithms are required headers of the IPv6 protocol stack.
for the radio interface, namely: 1) EPS encryption algo- In [35], three interesting solutions to provide security in
rithm (EEA) and 2) EPS integrity algorithm (EIA). Two 6LoWPAN networks are proposed and discussed.
confidentiality and integrity algorithm sets had already been 1) Using security features of IEEE 802.15.4 (link layer
developed and standardized. The first set, 128-EEA1 and security).
128-EIA1, is based on the stream cipher SNOW 3G, and was 2) Compressed IPsec to provide end-to-end security at
inherited from the UMTS network. The second set, 128-EEA2 the network layer also using header compression tech-
and 128-EIA2, is based on the block cipher AES. niques [38].
3GPP Systems and Architecture Group agreed in May 2009 3) Compressed DTLS to provide end-to-end security at the
on a requirement for a third encryption and integrity algorithm transport layer. A specific technique to compress DTLS
set, 128-EEA3 and 128-EIA3, based on a core stream cipher header in a standard compliant way into a 6LoWPAN
algorithm named ZUC. network can be used to achieve better energy efficiency
A comparative study among all core LTE cryptographic by reducing the message size.
algorithms such as ZUC, SNOW 3G, and AES is provided The main difference among these solutions is that link layer
in [33]. The results of this paper show that SNOW 3G offers security ensures the security of the wireless medium, whereas
less immunity against different attacks than ZUC and AES. upper layer security is designed to achieve end-to-end security
between two peers.
3) RPL: It is a standardized routing protocol for the
B. Network Level IP-connected IoT devices. It creates a destination-oriented
The main functions of the network layer include message directed acyclic graph (DODAG) and supports different modes
forwarding and host addressing supported by the standard of operation: unidirectional traffic to a DODAG root (typi-
ISO/OSI architecture through protocols such as IPv4/IPv6, cally the 6BR/border router) and bi-directional traffic between
6LoWPAN, and routing protocol for low power and lossy constrained nodes and a DODAG root. Nodes have a rank
networks (RPL). that determines their individual position with respect to the
1) IPv4/IPv6: IPv6 is the main enabler for extending IoT DODAG root and relative to other nodes.
to the future Internet. In fact, IPv6 extends the existing IPv4 The RPL specification [39] defines secure versions of the
notation from 32 to 128 bits per IP address offering scalability various routing control messages, as well as three basic secu-
for IoT world. In addition, IPv6 use mandatory end-to-end rity modes. In the first mode, named “unsecured,” RPL control
encryption, while in IPv4, it remains an extra option. IPv6 messages are sent without any additional security mechanisms.
also supports more-secure name resolution achieving network In the second mode, called “preinstalled,” nodes joining an

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
2490 IEEE INTERNET OF THINGS JOURNAL, VOL. 5, NO. 4, AUGUST 2018

RPL instance have preconfigured symmetric key that enable due to its inherent design which supports broadcast encryp-
them to process and generate secured RPL messages. The third tion (one encryption message delivered to multiple intended
mode, named “authenticated,” it is used for devices operating users) that make it suitable for IoT applications; moreover,
as routers. A device may initially join the network using a pre- the feasibility of SMQTT approach through simulations and
configured key and the preinstalled security mode, and next performance evaluation has been validated.
obtain a different cryptographic key from a key authority with In [43], two different types of ABEs, key-policy ABE
which it may start functioning as a router. The key authority and ciphertext-policy ABE, have been evaluated on different
is responsible for authenticating and authorizing the device classes of mobile devices including a laptop and a smartphone
for this purpose. Each RPL message has a secure variant and providing a comprehensive study of ABE techniques and their
AES/CCM algorithms [40] are used to support confidentiality performances. Compared to the RSA (an asymmetric crypto-
and integrity. graphic algorithm), ABE is slower and has more data overhead
Even with message security that enables encryption and and energy consumption; however, the main advantage to use
authentication, networks are vulnerable to a number of wire- ABE is to enable a flexible and fine grained access control
less and routing attacks aimed to disrupt the network. Hence, and to offer scalable key management because senders and
an IDS is necessary to detect intruders that are trying to receivers are completely decoupled.
disrupt the network. In [41], a novel IDS for IoT systems In IoT world, protection of privacy can be a challenging
is presented. This IDS called SVELTE is well designed for task because connected objects can generate an enormous
6LowPAN networks with RPL in which a hybrid, centralized amount of data, some of which actually constitute personal
and distributed approach is used to place IDS modules both in data. In addition, it is difficult to control the data flow
the 6BR and in the resource constrained nodes. SVELTE has without having any user interface or adequate tools for the
three main centralized modules developed in the 6BR. The first user. An efficient solution to enforce security policy rules in
module, called 6LoWPAN mapper, gathers information about IoT is described in [44] and [45]. This enforcement solu-
the RPL network and reconstructs the network in the 6BR. tion consists of a model-based security toolkit named SecKit
The second module is the intrusion detection component that that is integrated within the MQTT protocol. The policy
analyzes the mapped data and detects intrusion. The third mod- enforcement support for MQTT is based on a custom pol-
ule, a distributed mini-firewall, is designed to offload nodes by icy enforcement point (PEP) component implemented in C
filtering unwanted traffic toward resource-constrained network. language. The PEP is a connector that: 1) intercepts the
messages exchanged inside the broker with a publish-subscribe
mechanism; 2) notifies these messages as events in the SecKit
C. Service and Application Level policy decision point implemented in Java; and optionally
As a result of the wide-spread and rapid evolution of IoT 3) receives an enforcement action (allow, deny, modify, and
devices, different protocols have been developed in order to delay) to be executed. In addition, this PEP has been embed-
support the emerging M2M data communications such as ded in the Mosquitto Broker [46] using security plugin. The
MQTT, constrained application protocol (CoAP), XMPP, and following list summarizes advantages of this solution respect
AMQP. to the missing features in current MQTT implementations.
In this section, we discuss issues and some innovative solu- 1) Modification of messages and identity obfuscation.
tions proposed by researchers for the two most widely used 2) Delaying of messages to prevent real-time tracking of
application protocols: 1) MQTT and 2) CoAP. In particular, devices and users.
these protocols overcomes other solutions in terms of min- 3) Enforcement when a message is delivered to a client in
imum header size, power consumption, and data loss; thus, addition to enforcement when a client subscribes a topic.
they are well suited for constrained-resource applications [21]. 4) Support for reactive rules to notify, log, or request user
1) Message Queuing Telemetry Transport: This protocol is a consent.
publisher/subscriber messaging protocol specifically developed 5) Misbehavior checking rules, for DoS attack detection.
for constrained devices. Message queuing telemetry transport The main drawback of this approach is the high overhead
(MQTT) security is based on the TLS/SSL to provide transport when one publisher has many interested subscribers, and a
encryption. It provides a security against eavesdropping. On the policy needs to be checked for every subscriber. This overhead
application layer, MQTT application provides client identifier introduces a small latency of a few tens of ms.
and username/password credentials which can be used for 2) Constrained Application Protocol: The protocol is an
devices authentication. The disadvantage of MQTT security is HTTP remarkable version to match the IoT requirements for
the use of TLS/SSL which is not optimized for constrained low overhead. The CoAP uses UDP protocol and encryption
devices. In fact, using TLS/SSL with certificates and session is most commonly accomplished using DTLS and some-
key management for a multitude of heterogeneous devices, is times with IPSec. DTLS is applied in the transport layer and
surely cumbersome [42]. For this reasons, a more scalable, the fundamental AES/CCM provides confidentiality, integrity,
lightweight, and robust security mechanism is required. authentication, and nonrepudiation.
In [42] a secure MQTT (SMQTT) is proposed to increase The Californium framework (implemented in Java) provides
security features of the existing MQTT protocol and its a set of security capabilities for CoAP. There are four security
variants based on lightweight attribute-based encryption modes defined for CoAP to implement TLS [47].
(ABE), over elliptic curves. The advantage of using ABE is 1) No security.

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
FRUSTACI et al.: EVALUATING CRITICAL SECURITY ISSUES OF IoT WORLD: PRESENT AND FUTURE CHALLENGES 2491

2) PSK enabled by sensing devices preprogrammed with

symmetric cryptographic keys. This mode is suitable
for devices that are unable to support the public key
cryptography.
3) Raw public key (RPK) for devices that require authen-
tication based on public key. This mode enables a TLS
session without certificate.
4) Certificates to support authentication based on public
key where keys are always validated according to a
trusted entity known as certificate authority. The draw-
back of using the certificates is mainly due to heavy
data format and fixed costs. A clear advantage, how-
ever, is the possibility to revoke certificates if the device
is compromised.
Key management is a drawback of the CoAP security which
is a common issue in almost all protocols. Another problem
is the heavy cost of computation and high handshake in the
message which causes message fragmentation. Many studies Fig. 3. Qualitative risk evaluation for IoT system.
proposed different solutions to compress the DTLS. In fact,
a novel DTLS header compression scheme called Lithe has hardware limitations and technological heterogeneity that limit
been proposed in [48] with the aim of significantly reducing the implementation of effective security measures.
the energy consumption by leveraging the 6LoWPAN stan- On the other side, the transportation layer can be classified
dard without compromising the end-to-end security properties. as a lower risk level respect to the perception layer due to
In addition, the evaluation results show significant gains in the known drawbacks of standard wireless data transfer tech-
terms of packet size, energy consumption, processing time, nologies, as well as known threats in access networks. The
and network-wide response times when compressed DTLS is advantage of this layer is the intensive research on the vul-
enabled. A clear limitation of this solution is that DTLS header nerabilities and the continuous development of new protection
compression is applied only within 6LoWPAN networks. methods.
In [49], a security analysis between CoAP and MQTT is Finally, the application layer has a “variable” level of risk
presented with a particular focus on the transport level protocol depending on the specific implemented application; in fact, this
used (UDP for CoAP and TCP for MQTT), which inherently layer is generally accessible from a large number of users and
enforces the usage of DTLS for CoAP and TLS for MQTT. in some IoT applications, the impact of both data and services
Moreover a set of security modes and also mandatory-to- confidentiality, integrity, or availability losses, can be signif-
implement ciphers are supported by CoAP whilst, in contrast, icant and not tolerable (i.e., strategic sectors such as energy
the MQTT specification only enumerates a list of security con- sector or intelligent transportation systems). In addition, com-
siderations and does not enforce any kind of implementations. pared to the perception layer, it has more mature technology,
The comparative analysis has been conducted considering the less threats, and already tested security methods.
four security modes already described. According to this anal- Fig. 3 graphically resumes this qualitative risk evaluation
ysis, RPK is not supported by MQTT, but it represents a mixed for each layer of the IoT system.
security alternative to heavier certificates and lightweight
PSKs. However, the traditional certificates-based authenti- A. Critical Security Issues Identification
cation and encryption offers the highest level of security. According to the previous analysis, the most vulnerable
Furthermore, the possibility to revoke certificates, consider- layer of the presented IoT system model is the perception layer
ing illicit usage, makes it more capable to react to different and the critical issues to solve in next future are as follows.
attacks as already been proven with HTTP. In addition, due 1) Hardware InSecurity of IoT Devices: This issue depends
to different standard security mechanisms, the interoperability on device manufacturers’s negligence.
issue has a non trivial solution, mostly based on security level 2) Lack of Lightweight Cryptographic Algorithms and
negotiation between IoT devices. Effective Key Management: Protecting data confidential-
ity and integrity at rest or in transit.
3) Lack of Lightweight Trust Management System: It is
VI. C RITICAL I SSUES AND F UTURE D IRECTIONS important to ensure credibility especially in the relation-
To direct further research on the most vulnerable layer of ships between IoT devices placed in open and dynamic
IoT system model, we can use risk classification limited to a environments.
qualitative evaluation of each layer due to lack of quantitative 4) InSecure Routing Protocols: Providing protection
metrics. against routing threats with specific focus on the WSNs.
The perception layer can be classified with the highest secu- 5) Lack of Lightweight Anti-Malware Solutions: Providing
rity risk level for physical exposure of IoT devices, deployed protection from malware that can infect the software
also in open environments. In addition, it has very large installed on the IoT device.

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
2492 IEEE INTERNET OF THINGS JOURNAL, VOL. 5, NO. 4, AUGUST 2018

TABLE IV
M ETRIC VALUES AND BS FOR C RITICAL AND O PEN I SSUES IN I OT S YSTEM

Regarding the transportation layer, since it is composed by the security of data privacy would be of great importance in
a mixed wireless network technologies, the most critical and smart healthcare, but in intelligent urban management, data
open issues to be addressed are as follows. authenticity and integrity would be more important. Moreover,
1) Physical Wireless InSecurity: The broadcast nature of at the present time, there are no universal standards for the
wireless communications makes the physical channel developing of IoT application layer making very difficult
extremely vulnerable to classic data transit attacks [29]. the interoperability among them (e.g., different software and
2) DDoS Attacks: Because of the heterogeneity and com- applications have different authentication mechanisms, which
plexity of the IoT networks, the transportation layer is makes integration of all of them very difficult to ensure data
vulnerable and exposed to this kind of attacks. Usually privacy and identity authentication).
the solution is to upgrade the system and use DDoS At this layer the most serious issues that must be considered
attack detection and prevention. Currently, there is no are as follows.
good solution to solve the network DDoS attack. 1) Common Application Vulnerabilities: These vulnerabili-
Finally, the application layer represents the most varie- ties can be exploited by an attacker to hack an applica-
gate security context, in fact, different security requirements tion service. In this context, the Open Web Application
need to be satisfied for different applications; for instance, Security Project [53], [55] provides a list of critical

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
FRUSTACI et al.: EVALUATING CRITICAL SECURITY ISSUES OF IoT WORLD: PRESENT AND FUTURE CHALLENGES 2493

Fig. 4. Research direction.

and common software vulnerabilities for Web appli- 3) The authentication (Au) metric that describes the num-
cation or cloud services, coupled with few possible ber of times that an attacker must authenticate to a target
solutions. to exploit it.
2) Privacy Protection Issue: It is necessary to provide BS = (0.6 ∗ Impact + 0.4 ∗ Exploitability − 1.5)
user data protection mechanisms in which user can also
transparently enforce own privacy preferences [54]. ∗ f (Impact). (1)
The impact metrics measure how a vulnerability, if
exploited, will directly affect an IT asset, where the
B. Critical Security Issues Evaluation impacts are independently defined as the degree of loss of
confidentiality (C), integrity (I), and availability (A).
To evaluate the presented critical security issues, with the To calculate these sets of metrics, the following mathemat-
aim of directing the research activities in the next future, ical equations have been used:
we considered them as intrinsic vulnerabilities of the IoT
Systems and we calculated a severity score for each of them Exploitability = 20 ∗ AC ∗ Au ∗ AV
by using a novel approach through conventional base score Impact = 10.41 ∗ (1 − (1 − C) ∗ (1 − I) ∗ (1 − A))
(BS) equations named common vulnerability scoring system
where
(CVSS) v2, proposed by the National Infrastructure Advisory
Council [50], [51]. CVSS is a free and open industry stan- f (Impact) = 0 if Impact = 0
dard for assessing the severity of computer system security f (Impact) = 1.176 otherwise.
vulnerabilities. It attempts to assign severity scores to differ- The possible values of the six base metrics are shown in
ent vulnerabilities, allowing managers to prioritize responses Table V and they are chosen considering the characteristics of
and resources according to the specific threat. Scores are cal- each specific security issue.
culated according to several metrics that approximate ease of Table IV resumes the results obtained by applying the
exploit and the impact of exploit. Scores range from 0 to 10, CVSSv2 metrics to the security open issues identified in the
with 10 being the most severe. proposed IoT system. In particular, to compute the BS, we
The BS shown in (1) is composed of two sets of metrics: have used CVSSv2 calculator, freely provided by National
1) the exploitability metrics and 2) the impact metrics. Institute of Standards and Technology [52].
The exploitability metrics capture how the vulnerability is Once computed the BS, the security issues have been sorted
accessed and whether or not extra conditions are required to according to the availability of the solutions to better under-
exploit it. These metrics are as follows. stand in which direction the research must be oriented. By
1) The access vector (AV) that shows how a vulnerability looking Fig. 4 that graphically resume the conducted analysis,
may be exploited. the following meaningful considerations can be done.
2) The access complexity (AC) metric that describes 1) Hardware insecurity and common application
how easy or difficult it is to exploit the discovered vulnerabilities have already many mature solu-
vulnerability. tions. However, the real applicability of those solutions

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
2494 IEEE INTERNET OF THINGS JOURNAL, VOL. 5, NO. 4, AUGUST 2018

TABLE V
BASE M ETRICS W ITH S UBSCORES [4] Inter-IoT Project. Accessed: Oct. 2017. [Online]. Available:
http://www.inter-iot-project.eu/
[5] Wikipedia Contributors. (2016). Dyn Cyberattack. [Online]. Available:
https://en.wikipedia.org/w/index.php?title=2016_Dyn_cyberattack&
oldid=763071700
[6] E. Ronen, A. Shamir, A.-O. Weingarten, and C. O’Flynn, “IoT goes
nuclear: Creating a ZigBee chain reaction,” in Proc. IEEE Symp. Security
Privacy (SP), San Jose, CA, USA, 2017, pp. 195–212.
[7] Q. Jing, A. V. Vasilakos, J. Wan, J. Lu, and D. Qiu, “Security of the
Internet of Things: Perspectives and challenges,” Wireless Netw., vol. 20,
no. 8, pp. 2481–2501, Nov. 2014.
[8] K. Lin, M. Chen, J. Deng, M. M. Hassan, and G. Fortino, “Enhanced fin-
gerprinting and trajectory prediction for IoT localization in smart build-
ings,” IEEE Trans. Autom. Sci. Eng., vol. 13, no. 3, pp. 1294–1307,
Jul. 2016.
[9] S. Baraković et al., “Security issues in wireless networks: An overview,”
in Proc. XI Int. Symp. Telecommun. (BIHTEL), Sarajevo, Bosnia and
Herzegovina, 2016, pp. 1–6.
[10] P. De Meo, K. Musial-Gabrys, D. Rosaci, G. M. L. Sarnè, and L. Aroyo,
“Using centrality measures to predict helpfulness-based reputation in
trust networks,” ACM Trans. Internet Technol., vol. 17, no. 1, pp. 1–20,
2017.
[11] W.-Y. Lin, X. Zhang, H. Song, and K. Omori, “Health information
strictly depends on device manufacturers or software seeking in the Web 2.0 age: Trust in social media, uncertainty reduc-
developers that should be forced to implement them. tion, and self-disclosure,” Comput. Human Behav., vol. 56, pp. 289–294,
Mar. 2016.
2) Lack of lightweight anti-malware and DDoS attack issue [12] H. Shirgahi, M. Mohsenzadeh, and H. H. S. Javadi, “Trust estimation of
have few research solutions although they can have a the semantic Web using semantic Web clustering,” J. Exp. Theor. Artif.
medium-high severity index. Intell., vol. 29, no. 3, pp. 537–556, 2017.
[13] T. S. Vijay, S. Prashar, and C. Parsad, “Online shoppers’ satisfaction: The
3) The remaining security issues have several on going impact of shopping values, website factors and trust,” Int. J. Strategic
solutions but still immature. Decis. Sci., vol. 8, no. 2, pp. 52–69, 2017.
According to these considerations, the research activity in [14] S. Pinto, T. Gomes, J. Pereira, J. Cabral, and A. Tavares, “IIoTEED:
An enhanced, trusted execution environment for industrial IoT
the near future, should concentrate to solve critical issues with edge devices,” IEEE Internet Comput., vol. 21, no. 1, pp. 40–47,
greater availability of ongoing solutions that are progressively Jan./Feb. 2017.
more feasible thanks to the technology advancements. [15] D. He, C. Chen, S. Chan, J. Bu, and A. V. Vasilakos, “ReTrust:
Attack-resistant and lightweight trust management for medical sen-
sor networks,” IEEE Trans. Inf. Technol. Biomed., vol. 16, no. 4,
VII. C ONCLUSION pp. 623–632, Jul. 2012.
[16] Z. Yan, P. Zhang, and A. V. Vasilakos, “A survey on trust management
Along with the rapid development of the IoT industry, the for Internet of Things,” J. Netw. Comput. Appl., vol. 42, pp. 120–134,
importance of the security in the IoT is gradually emerging. Jun. 2014.
In fact, we have shown that IoT system model has many secu- [17] G. Lize, W. Jingpei, and S. Bin, “Trust management mechanism for
Internet of Things,” China Commun., vol. 11, no. 2, pp. 148–156,
rity issues among which threats that can exploit some possible Feb. 2014.
weaknesses. For these reasons, it is necessary to appropriately [18] I.-R. Chen, F. Bao, and J. Guo, “Trust-based service management
enforce trust management and security in the IoT world start- for social Internet of Things systems,” IEEE Trans. Depend. Secure
Comput., vol. 13, no. 6, pp. 684–696, Nov./Dec. 2016.
ing from the characterization of the different threats related to [19] I. Kounelis et al., “Building trust in the human–Internet of Things
each specific level of the general IoT system model. relationship,” IEEE Technol. Soc. Mag., vol. 33, no. 4, pp. 73–80,
According to this paper, the most vulnerable level of the Nov. 2014.
[20] O. Arias, J. Wurm, K. Hoang, and Y. Jin, “Privacy and security in
IoT system model is the perception layer due to the physical Internet of Things and wearable devices,” IEEE Trans. Multi-Scale
exposure of IoT devices, to their constrained resources and Comput. Syst., vol. 1, no. 2, pp. 99–109, Apr./Jun. 2015.
to their technological heterogeneity. Thus, it is crucial, in the [21] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and
M. Ayyash, “Internet of Things: A survey on enabling technologies, pro-
next future, to start working on the critical issues of this level tocols, and applications,” IEEE Commun. Surveys Tuts., vol. 17, no. 4,
implementing lightweight security solutions that can adapt pp. 2347–2376, 4th Quart., 2015.
to the heterogeneous environments with resource-constrained [22] X. Xu, R. Ansari, A. Khokhar, and A. V. Vasilakos, “Hierarchical
data aggregation using compressive sensing (HDACS) in WSNs,” ACM
devices. Trans. Sensor Netw., vol. 11, no. 3, 2015, Art. no. 45.
[23] Y. Qin et al., “When things matter: A survey on data-centric Internet of
Things,” J. Netw. Comput. Appl., vol. 64, pp. 137–153, Apr. 2016.
R EFERENCES
[24] J. Wan et al., “Software-defined industrial Internet of Things in the con-
[1] S. Karnouskos, P. J. Marrón, G. Fortino, L. Mottola, and text of industry 4.0,” IEEE Sensors J., vol. 16, no. 20, pp. 7373–7380,
J. R. Martínez-de Dios, Applications and Markets for Cooperating Oct. 2016.
Objects (Springer Briefs in Electrical and Computer Engineering). [25] G. Aloi et al., “Enabling IoT interoperability through opportunistic
Heidelberg, Germany: Springer, 2014, pp. 1–120. smartphone-based mobile gateways,” J. Netw. Comput. Appl., vol. 81,
[2] G. Fortino and P. Trunfio, Internet of Things Based on Smart Objects, pp. 74–84, Mar. 2017.
Technology, Middleware and Applications. Cham, Switzerland: Springer, [26] R. Gravina, C. E. Palau, M. Manso, A. Liotta, and G. Fortino,
2014. Integration, Interconnection, and Interoperability of IoT Systems. Cham,
[3] H. Xiao, N. Sidhu, and B. Christianson, “Guarantor and reputation Switzerland: Springer, 2018.
based trust model for social Internet of Things,” in Proc. Int. Wireless [27] G. Aloi et al., “A mobile multi-technology gateway to enable IoT
Commun. Mobile Comput. Conf. (IWCMC), Dubrovnik, Croatia, 2015, interoperability,” in Proc. IEEE 1st Int. Conf. Internet Things Design
pp. 600–605. Implement. (IoTDI), Berlin, Germany, 2016, pp. 259–264.

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.
FRUSTACI et al.: EVALUATING CRITICAL SECURITY ISSUES OF IoT WORLD: PRESENT AND FUTURE CHALLENGES 2495

[28] Z. Sheng et al., “A survey on the IETF protocol suite for the Internet [55] J. Ahamed and A. V. Rajan, “Internet of Things (IoT): Application
of Things: Standards, challenges, and opportunities,” IEEE Wireless systems and security vulnerabilities,” in Proc. 5th Int. Conf. Electron.
Commun., vol. 20, no. 6, pp. 91–98, Dec. 2013. Devices Syst. Appl. (ICEDSA), Ras al-Khaimah, UAE, 2016, pp. 1–5.
[29] Y. Zou, J. Zhu, X. Wang, and L. Hanzo, “A survey on wireless security:
Technical challenges, recent advances, and future trends,” Proc. IEEE,
vol. 104, no. 9, pp. 1727–1765, Sep. 2016.
[30] S. Chakrabarty and D. W. Engels, “Black networks for Bluetooth low
energy,” in Proc. IEEE Int. Conf. Consum. Electron. (ICCE), Las Vegas,
NV, USA, 2016, pp. 11–14.
[31] Y. Qu and P. Chan, “Assessing vulnerabilities in Bluetooth low energy
(BLE) wireless network based IoT systems,” in Proc. IEEE 2nd Int. Mario Frustaci received the master’s degree in
Conf. Big Data Security Cloud (BigDataSecurity), New York, NY, USA, electronic engineering in 2014 and the postgraduate
2016, pp. 42–48. degree in cyber security. He is currently pursuing
[32] A. H. Adnan et al., “A comparative study of WLAN security protocols: the Ph.D. degree in telecommunications engineer-
WPA, WPA2,” in Proc. Int. Conf. Adv. Elect. Eng. (ICAEE), Dhaka, ing at the Department of Informatics, Modeling,
Bangladesh, 2015, pp. 165–169. Electronics and System Engineering, University of
[33] A. G. Sulaiman and I. F. Al Shaikhli, “Comparative study On 4G/LTE Calabria, Rende, Italy.
cryptographic algorithms based on different factors,” Int. J. Comput. Sci. His current research interests include security,
Telecommun., vol. 5, no. 7, pp. 7–10, Jul. 2014. privacy, and interoperability for Internet of Things.
[34] Y. E. Gelogo, R. D. Caytiles, and B. Park, “Threats and security analysis
for enhanced secure neighbor discovery protocol (SEND) of IPv6 NDP
security,” Int. J. Control Autom., vol. 4, no. 4, pp. 179–184, 2011.
[35] C. Hennebert and J. D. Santos, “Security protocols and privacy issues
into 6LoWPAN stack: A synthesis,” IEEE Internet Things J., vol. 1,
no. 5, pp. 384–398, Oct. 2014.
[36] (Dec. 2014). Bluetooth Core Version 4.2. [Online]. Available:
https://www.bluetooth.com/specifications/adopted-specifications
[37] A Basic Introduction to BLE Security. Accessed: Nov. 2016. [Online]. Pasquale Pace (M’05) received the Ph.D. degree
Available: https://eewiki.net/display/Wireless/A+Basic+Introduction+ in information engineering from the University of
to+BLE+Security Calabria (Unical), Rende, Italy, in 2005.
[38] S. Raza et al., “Securing communication in 6LoWPAN with compressed He was a Visiting Researcher with CCSR, Surrey,
IPsec,” in Proc. Int. Conf. Distrib. Comput. Sensor Syst. Workshops U.K., and the Georgia Institute of Technology,
(DCOSS), Barcelona, Spain, 2011, pp. 1–8. Atlanta, GA, USA. He is currently an Assistant
[39] “RPL: IPv6 routing protocol for low-power and lossy networks,” Internet Professor of telecommunications with Unical. He
Eng. Task Force, Fremont, CA, USA, RFC 6550, 2012. [Online]. has authored over 80 papers in international publi-
Available: https://tools.ietf.org/html/rfc6550 cations. His current research interests include coop-
[40] J. Granjal, E. Monteiro, and J. S. Silva, “Security for the Internet of erative communications, cognitive networks, sensor
Things: A survey of existing protocols and open research issues,” IEEE and self-organized networks, and interoperability of
Commun. Surveys Tuts., vol. 17, no. 3, pp. 1294–1312, 3rd Quart., 2015. Internet of Things platforms and devices.
[41] S. Raza, L. Wallgren, and T. Voigt, “SVELTE: Real-time intrusion
detection in the Internet of Things,” Ad Hoc Netw., vol. 11, no. 8,
pp. 2661–2674, Nov. 2013.
[42] M. Singh, M. A. Rajan, V. L. Shivraj, and P. Balamuralidhar, “Secure
MQTT for Internet of Things (IoT),” in Proc. 5th Int. Conf. Commun.
Syst. Netw. Technol., Gwalior, India, 2015, pp. 746–751.
[43] X. Wang, J. Zhang, E. M. Schooler, and M. Ion, “Performance evalu-
ation of attribute-based encryption: Toward data privacy in the IoT,” in Gianluca Aloi (S’99–M’02) received the Ph.D.
Proc. IEEE Int. Conf. Commun. (ICC), Sydney, NSW, Australia, 2014, degree in systems engineering and computer science
pp. 725–730. with the DEIS Department, University of Calabria
[44] R. Neisse, G. Steri, and G. Baldini, “Enforcement of security policy rules (Unical), Rende, Italy, in 2003.
for the Internet of Things,” in Proc. IEEE 10th Int. Conf. Wireless Mobile In 2004, he joined Unical, where he is cur-
Comput. Netw. Commun. (WiMob), Larnaca, Cyprus, 2014, pp. 165–172. rently an Assistant Professor of telecommunica-
[45] R. Neisse, G. Steri, I. N. Fovino, and G. Baldini, “SecKit: A model-based tions with the Department of Informatics, Modeling,
security toolkit for the Internet of Things,” Comput. Security, vol. 54, Electronics and System Engineering. His current
pp. 60–76, Oct. 2015. research interests include spontaneous and reconfig-
[46] Mosquitto: An Open Source MQTT v3.1/v3.1.1 Broker. Accessed: urable wireless networks, cognitive and opportunis-
Oct. 2017. [Online]. Available: https://mosquitto.org/ tic networks, sensor and self-organizing wireless
[47] R. A. Rahman and B. Shah, “Security analysis of IoT protocols: A focus networks, and Internet of Things technologies.
in CoAP,” in Proc. 3rd MEC Int. Conf. Big Data Smart City (ICBDSC),
Muscat, Oman, 2016, pp. 1–7.
[48] S. Raza, H. Shafagh, K. Hewage, R. Hummen, and T. Voigt, “Lithe:
Lightweight secure CoAP for the Internet of Things,” IEEE Sensors J.,
vol. 13, no. 10, pp. 3711–3720, Oct. 2013.
[49] S. Zamfir, T. Balan, I. Iliescu, and F. Sandu, “A security analysis on stan-
dard IoT protocols,” in Proc. Int. Conf. Appl. Theor. Electricity (ICATE),
Craiova, Romania, 2016, pp. 1–6. Giancarlo Fortino (SM’12) received the Ph.D.
[50] CVSS. Accessed: Mar. 2017. [Online]. Available: degree in computer engineering from the University
https://en.wikipedia.org/wiki/CVSS of Calabria (Unical), Rende, Italy, in 2000.
[51] CVSSv2. Accessed: Mar. 2017. [Online]. Available: He is a Professor of computer engineering
https://www.first.org/cvss/v2/guide with the Department of Informatics, Modeling,
[52] Common Vulnerability Scoring System Version 2 Calculator. Accessed: Electronics, and Systems, Unical. He is the
Mar. 2017. [Online]. Available: https://nvd.nist.gov/CVSS/CVSS-v2- co-founder and the CEO of SenSysCal S.r.l., Rende,
Calculator a Unical spin-off focused on innovative Internet
[53] OWASP Project. Accessed: Mar. 2017. [Online]. Available: of Things (IoT) systems. He has authored over
https://www.owasp.org/ index.php/OWASP_Internet_of_Things_Project 300 papers in international journals, conferences,
[54] The Internet of Things (IoT): An Overview. Accessed: Mar. 2017. and books. His current research interests include
[Online]. Available: https://www.internetsociety.org/doc/iot-overview agent-based computing, wireless sensor networks, and IoT technology.

Authorized licensed use limited to: Univ Distrital Francisco Jose de Caldas. Downloaded on April 24,2020 at 02:00:59 UTC from IEEE Xplore. Restrictions apply.