1. INTRODUCTION:

An increasing quantity of objects connected to the internet at a very high-speed rate, realizing the idea of the Internet of Things (IoT). The IoT enables these physical objects to act by having them communicate together, transfer and share information together and synchronize decisions among them. The IoT enhances these objects from being conventional and usual to smart and intelligent by exploiting its basic technologies such as embedded devices, sensor networks, communication technologies, persistent computing, internet protocols, and applications.

It has been observed in recent years that academic investigate and research to focus on the security issues for IoT systems and has attained constructive developments. Currently, the security methods and techniques which have been proposed are based on conventional network security methods. As a result of the heterogeneity of the devices, protocols, scale or the number of nodes in the system, in IoT system implementing these security mechanisms is more demanding and challenging as compared to conventional networks. The challenges in applying IoT security mitigation which is caused by physical coupling, heterogeneity, resource constraints, privacy, the large scale, trust management and unpreparedness for security are extensively explained in various research articles.

IoT Security issues, such as system configuration, authorization, access control, privacy, verification, information storage, and management are the major challenges in an IoT environment [1]. Like, IoT applications, such as Smart Phone and embedded devices, helps to give a digital environment for global connectivity that makes easier lives by being adaptive, sensitive and responsive to human needs. On the other hand, achieving security is not guaranteed. The privacy and confidentiality of users may be compromised and the data or information of these users may be leaked when the user signal is shared and intercepted. To broadly adopt the IoT, these terms should be pointed to grant user confidence in the contexts of privacy and control of personal information [2]. The development of a secure IoT environment very much depends on addressing security concerns [3]. This study focuses on security threats and vulnerabilities in the context of perception and network layer of the IoT and the modern IoT security. This paper study a variety of existing works in the IoT security that uses different techniques and methods. This paper also presents IoT security taxonomy based on the current security threats in the contexts of perception and network layer. Possible security threats and vulnerabilities of the IoT are also compared and analysis of the possible threats and attacks to the IoT environment.

This paper also aims to provide a user manual of existing security threats of the IoT environment and proposes possible solutions for improving the IoT security architecture. Modern IoT security threats and vulnerabilities in terms of perception and network layer have been studied. The IoT security, particularly the IoT architecture, such as authentication and authorization, has also been investigated.

2. OVERVIEW OF IOT:

The IoT has drawn interest to lots of researchers recently because of the development of appliances associated with the Internet [4] [5]. IoT simply defines as an interconnection of huge heterogeneous network frameworks and systems in a different mode of communication, For instance, human-to-human, human-to-thing, or thing-to-thing [6]. Furthermore, the IoT is a realm where physical objects are consistently connected to form a network to provide advanced and smart services to users [8]. The connected “things” i.e. sensors or mobile devices observe and collect all types of information and data. They enable the collection of real-time data about the environment. In the IoT based network, sensor-equipped devices know procedure to deliver data to the physical world besides it also take care of authorizing cloud-based resources to extract data and also make decision from the extracted data by using actuator equipped devices which improve the communication among objects [9] [10].

Through the quantity and the size of IoT components, the IoT applications improved using different techniques, methods, and models derived from device-driven embedded frameworks [11]. The IoT system is required to deal with the problems that are related to the IoT application environments, for instance, real-time communication [12], the presence of both sensor and processing units, and the heterogeneous nature of the IoT. Different researchers investigate the method of securing a wireless sensor network (WSN), which is a major component for developing constrained devices in the IoT [13] [14]. These are the Ad-hoc networks that are considered the key component for the IoT devices. They are used for taking and gathering information or data from their surroundings and sending them to users and for accessing connected IoT devices. It contains a large number of small nodes that can detect, compute, and communicate with other devices [15]. The communication between the Internet and the sensor nodes should assure privacy, reliability, verification, and non-revocation [17]. The privacy and security issues in the IoT are completely different from traditional and other wireless networks in terms of deployment and technology [19]. The deployment of IoT networks is done on low-power and lossy networks (LLN). LLNs are networks constrained by energy, processing power, and memory. Therefore, the lightweight cryptographic algorithm is used for securing the IoT environments. These aspects have not been considered for conventional and other wireless networks [20].

3. OVERVIEW IOT ARCHITECTURE:

The IoT system capable of interconnecting a large number of heterogeneous objects through the Internet, Therefore a flexible layered architecture is needed. An increasing number of proposed architectures have not yet converged to a reference model [7]. There are some projects like IoT-A [16] that attempt to give a general architecture based on the study of the needs of researchers. A basic 3-layer architecture model is chosen in this paper from the collection of proposed models [3] [18]. This basic IoT architecture consists of a perception/hardware layer, a network/communication layer, and a layer of applications/services. More abstraction to the IoT architecture has been proposed in some other models illustrated in Fig.1 [17]-[20]. Some common architecture among them is the 5-layer has been used in [3], [17], [18]. Next, we provide a brief discussion on these three layers but mostly focus on perception and network Layer.

Fig. 1: IoT Architectures

3.1 Application layer:

There is no existing standard that specifies the constructing of the IoT application [21]. Based on the service it provides, the application layer can be structured in various ways. The application layer is visible to the end-user and it is the top layer on IoT 3-Layered architecture. An application layer protocol is distributed over various end systems. This end system uses a protocol to share data packets with another end system [22] [23]. Application services including smart cities, smart grid, intelligent transportation protocols, and healthcare systems comprise this layer [1]. An application layer typically comprises a middleware, a machine-to-machine (M2M) communication protocol, cloud computing, and a service support platform. The security issues at this layer are depending on the environment [24] [25].

3.2 Perception layer:

The perception layer categories into two sections, namely, the perception node i.e. sensors or controllers, and the perception network that interconnects the network layer illustrated in Fig 2. [35], at the perception node, data are controlled and gathered, while control instructions for transferring and computing data are carried out at the perception network layer. The perception layer contains every type of sensors, such as RFID, ZigBee, and sensor gateways [36].

A. RFID:

The RFID technology is a major revolution in the communication model that provides the configuration of computing devices i.e. microprocessors for wireless communication. RFID tags are categories into two types active and passive RFID tags [6], have their power source. They are the same as lower end nodes of WSNs in terms of limited storage and processing capability. These tags provide signals to readers regardless of their battery supply and distance of providing instant communication. These Active RFID tags have constrained life spans. On the other hand, Passive RFID tags are not powered by their battery. They utilize the power from an inquiry signal of the reader to establish a connection from the tag to the RFID reader. They are used in various application services like road toll tags and bank cards. Passive RFID tags are very small and have a virtually unconstrained life period. The main features of RFID tags are self-recognition and a unique identity that involves the quick transfer of data and information between tags and readers by wireless communication. The possible threats on RFID include DoS, repudiation; secure localization, tractability, eavesdropping, accessibility, tracking, spoofing, data newness, self-organization, robustness, and survivability [1].

Fig. 2: Overview of Perception Layer

B. Sensor Nodes:

A sensor node acquires and processes data and communicates with other sensor nodes in the network. Sensor nodes have the following components a controller, transceiver, program memory, power source, and hardware. These components execute data processing, transmit and receive radio frequencies, programming the devices; supplies power to the sensor nodes, and capture data from the environment [37]. Another major component of a sensor node is the actuators. Based on the commands receives from the nodes, these actuators is used to activate devices. However, these sensor nodes are also vulnerable to different threats which include node failure, passive information gathering, node subversion, node outage, false node, tampering, exhaustion, unfairness, jamming, collisions and message corruption [38].

C. Sensor Gateways:

Sensor gateways deal with wireless communication and shared information from various distributed wireless sensor nodes. WSN includes the group of dedicated transducers with a communication framework for monitoring the conditions of any sensor device at different locations. Chemical concentrations, power-line voltage, speed, light strength, pollutant levels, humidity, pressure, vibration strength, sound strength and temperature are the parameters that are considered and monitored repeatedly. The wireless channel includes transmitters, receivers and radio communication for share data between devices. However, this channel leads to several threats at sensor gateways including DoS, hacking, signal lost, protocol tunneling, man-in-the-middle attack, interruption, interception and modification

Thethreats on RFIDs include repudiation, tracking, DoS, eavesdropping, spoofing, and counterfeiting [1]. ZigBee comprises a microcontroller, a radio transmission, and a simple protocol. It is small in size, limited power consumption, and low-cost. These devices are vulnerable to threats including key exchange, packet manipulation and hacking Bluetooth [39] [40], allows two devices to connect that comprises a frequency-hopping spectrum, and it is safe and convenient but exposed to threats such as DoS, Bluesnarfing, eavesdropping, , Bluejacking, and car whisperer [41]. The sensors and actuators utilized to sense and activate devices based on commands sent from the nodes. it has high latency in communication and very flexible [42]. These sensor nodes are vulnerable to threats including jamming, tampering, DoS, unfairness, exhaustion, and collisions [38].

3.3. Network layer:

The middle layer of IoT architecture is the network layer that provides network communication and information security. It also provides a persistent access environment to the perception layer i.e. data transmission and storage consciousness and awareness illustrated in Fig 3. The network layer includes mobile devices, cloud computing, and the Internet [26]

A. Mobile device:

A mobile (Movable) device is any portable device with an operating system that runs applications. These portable devices are equipped with Bluetooth, Wi-Fi, and Global Positioning System (GPS). It also has the capability to connections with the Internet and other devices. Location-based services can also be used by Mobile devices [27]. Personal digital assistants and smart phones are also suitable for specific users who want to use some services of a traditional personal computer, where moving one would be impossible. Digital business partners can further enhance the accessible components for business users by integrating data capture devices, such as barcode, RFID, and smart card readers [28]. However, these mobile devices have vulnerabilities to attacks and threats for instance eavesdropping, tracking, DoS, blue-snarfing, blue-jacking, blue-bugging alteration, corruption, and deletion [29].

Fig. 3: Overview of Network Layer

B. Cloud computing:

Cloud computing is Internet-based computing that is distributed in nature and provides data processing for devices based on a set of necessities and requirements. This distributed computing is a suitable model for on-demand network access to a common pool of developing computing properties i.e. servers, systems, storage. In the IoT environment, cloud computing technology has made the work of computing and processing a large amount of data produced by communicating devices [6]. This cloud computing technology also provides low-cost services, high computing power, and performance, versatility for device accessibility [8]. On the other hand, like conventional technologies, cloud users face several security threats including identity management and dynamic change in the IoT devices. It makes transmitted data unreachable to an authentic device, data access controls, encryption, system difficulties, physical protection, communications and infrastructure backbone security, user identity and erroneous configuration of software [6].

C. Internet:

The Internet is a worldwide arrangement of an interconnected and organized collection of computers that uses the conventional Internet protocol (IP) suite (TCP/IP). This arrangement consists of a network of networks, such as private, public, academic, business, and government networks, that are connected by a collection of electronic, wired, wireless and optical networking technologies [30]. The Internet communication structure consists of various software layers and hardware components that control different aspects of the framework. It serves as a platform for devices connected to share information and resources [31]. Furthermore, It is exposed to numerous frequent security and privacy challenges, such as cyber bullying, viruses, encryption, confidentiality, hacking, identity theft, reliability, and integrity [32].

The communication media in the IoT environment can either be wireless or wired. A wired medium involves utilizing network adapters, cables, and routers for data sharing between IoT devices. It enhances the security, reliability, and ease of use [33]. However, a wired medium is exposed to certain threats including extortion hack, data manipulation, Signaling System No. 7, equipment hijacking and malicious attacks [34]. A wireless communication medium enhances the guest access and gives network expansion, increased mobility, and collaboration but is vulnerable to several threats and attacks, such as misconfiguration, hacking, signal loss, DoS, war dialing, protocol tunneling, and MitM [2].

4. TYPES OF ATTACKS IN IOT NETWORKS:

In this section, security challenges in perception and network layer of IoT architecture are discussed. In IoT, security challenges can be attributed to challenges in the network and the perception layer layers. In the following, only security challenges in the perception layer, the network layer are presented.

A. Perception Layer Attacks:

As the main purpose of the perception layer in IoT is to collect data, the security challenges in this layer focus on forging collected data and destroying perception devices, which are presented below and are illustrated in Fig 4.

Jamming: In the Perception layer of IoT, Jamming is measured as the prime DOS attack [5]. It has the capability to disturb the connections of an appliance or a communication network by a powerful jamming source like diffusing radio signals [43]. To protect against jamming attacks, spread-spectrum communication is applied. This solution uses the chaotic direct-sequence spread-spectrum (DSSS) system but for underwater communication. It has the capability to improve security and reduce multipath interference. For underwater networks, the Code Division Multiple Access (CDMA) provides an efficient solution. Switching nodes to a lower duty cycle can be a promising scheme. In this phenomenon, nodes have to be active only for receiving and sending data; otherwise, in order to save their energy, they move to sleep mode.

Node Capture Attacks:

In this attack, the attacker captures and controls the node through physically replacing the entire node, or by tampering the hardware of the node [44]. The data or information will be uncovered to the attacker if a node is compromised by this attack. The attacker can also store and send information related to the captured node to a malicious node. This type of attack is also known as the node replication attack. A node captureattack can incur a serious impact on the IoT network. To defend against this attack, effective schemes to observe, sense and identify malicious nodes require to be studied [45].

False Data Injection Attacks:

The attacker injects false data in place of actual data extracted by the captured node in IoT network, and then sends this false data to IoT applications [46]. After getting the false data, IoT applications return incorrect and erroneous services and commands which will affect the efficiency of IoT networks. The technique False Data Filtering schemes can strongly detect and mitigate false data before the data is received. by the IoT application services [47] [48].

Malicious code Injection Attacks: This attack aims to control a node in IoT by injecting malicious code into the memory of the node. [49] The injected malicious code executes particular functions and grants access to the IoT system to the attacker. To defend against this attack, effective code authentication techniques require be developing and implementing into the IoT network [50].

Fig. 4: Perception Lyer Attacks

Replay Attacks:

In IoT, the attacker can use a malicious node to transmit the legitimate identification information to the destination node, with the aim that the malicious node gets the trust and confidence of the IoT network Secure time stamp schemes should be developed and implemented in IoT, to mitigate the replay attack [21].

Cryptanalysis Attacks:

This attack can obtain ciphertext to infer the encryption key being used in the encryption algorithm. However, the efficiency of the cryptanalysis attack is low. To improve the efficiency the adversary could deploy some techniques on the encryption devices in IoT to obtain the encryption key, which is used in IoT for encrypting data and decrypting data. To mitigate this attack, secure encryption algorithms, and key management techniques should be developed in IoT [22].

Eavesdropping and Interference:

Vulnerability in the IoT network is that data received in the wireless medium can be eavesdropped by non-authorized users [51] [52]. The attacker can also transmit noise signals to interfere with the information delivered in the IoT network. To deal with eavesdropping, secure encryption algorithms and key management schemes are required [53].

Sleep Deprivation Attacks:

In IoT, Due to the low power devices in IoT, to extend the life cycle of the nodes, these nodes are associated with a sleep routine technique to decrease the power consumption [54]. This attack can break the routine techniques and keep nodes awake all the time until they are shut down. The energy harvest mechanism can be a possible solution, in which nodes can harvest energy from the external environment [55].

B. Network Layer Attacks:

As the main purpose of the network layer in IoT is to transmit collected data, the security challenges in this layer focus on the impact of the availability of network resources. Also, most devices in IoT are connected to IoT networks via wireless communication links. Thus, most security challenges in this layer are related to wireless networks in IoT are illustrated in Fig .5

Denial-of-Service (DoS) Attacks:

This attack can be performed by stealing the device, disrupting the communication channel and updating its software. Attackers may repeatedly broadcast dummy messages to jam the channel to decrease the performance and efficiency of the network [56], To mitigate this attack, the techniques need to be developed in an efficient defensive way to secure IoT systems [57].

Spoofing Attacks:

In this attack, the attacker gains complete access to the system, and transmit malicious data into the IoT system [55], In IoT, at the network layer, an attacker can spoof the valid IP address of any other authorized nodes and access the IoT system to send malicious data. To defend against the spoofing attack, identification, and authentication techniques, and secure trust management schemes can be possible solutions [58] [59].

Sinkhole Attacks:

In a sinkhole attack, the attacker offers optimal paths to reach the base station with strong connections that suggest the transmitting nodes to update their routing tables to route data via the malicious node, so that all data passing through this malicious node can be acquired by the attacker. A sinkhole attack causes an essential threat to IoT networks because the sensor nodes based IoT networks are mostly spread out globally [53]. To prevent this attack, techniques such as secure multiple routing protocols need to be developed and implemented [60].

Wormhole Attacks:

Low latency communication between two or more groups of a network through which an attacker can replies network messages is a wormhole attack [60]. At least two malicious nodes must require in this attack. These two nodes are associated with a powerful radio link therefore this path is more optimal and faster. It facilitates the construction of sinkhole nodes and allows modifying and transmitting information to the other network and also ignoring the intermediate nodes. Updated data will be sent to the base station. Then the malicious nodes can gain unauthorized access to perform Denial of Service (DoS) attacks. To prevent this attack, there is one technique is to update the routing protocols to increase security in the route selection process [61].

Fig. 5: Network Layer Attacks

Hello Flood attack:

The major aim of this attack is to consume the energy of the nodes, including the most distant by the repeated transmission of messages discovery of neighborhood type HELLO. The message receivers try to reply to the malicious node even they are positioned in long distances. During the reply procedure, all nodes get affected through this HELLO message consume their energy. By this attack, congestion will occur in the network which is one kind of DOS [62]. To prevent Hello Flood attacks, blocking methods can be used [40] [63].

Black-hole Attack:

The black hole attack idea is to attach a new malicious node and compromise a network node to force maximum neighbors to update their routing tables and to transmit their data through this malicious node. The data and information received by this malicious node will be destroyed and will never be reinserted on the network [55]. Updating in routing tables and redundant paths can secure the black hole attack [5].

Sybil attack:

Sybil attack aims to broadcast the malicious node to multiple nodes by endorsing him different identities to form a large number of paths passing through it. These paths are in reality just single way Sybil attack [64] is concerned in protocols based on the organization of a redundant path to ensure reliability. A secure identification and authentication mechanisms required to be developed and implemented for IoT systems, to defend against Sybil attacks [65].

Flooding attack:

In a flooding attack, one or more malicious nodes send messages repeatedly for a high transmission power with the intention of saturate the network. This type of attack degrades the entire network performance in networks with a single base station. This malicious node causes network congestion by sending a flood of packets to the base station. The attacker can use various packets to congest the network therefore, a flooded base station is difficult to resolve [5] [65].

5. FUTURE SCOPE:

The IoT network development and implementation faces many challenges including security, trust, QoS, infrastructure and energy management. In IoT, securing the nodes is essential because most devices are wireless. Security problems are essential and fundamental in the IoT because attacks can occur at various layers. Different security mechanism, such as authentication, authorization, integrity, confidentiality, privacy, and availability, should be adopted for security in the IoT system. The aim of securing the entire IoT network is extremely challenging and demanding due its environmental properties.

6. CONCLUSION:

The security in IoT has recently emerged as an essential research area. The needs for the implementation of the IoT are growing with important security issues. This paper presented a study on IoT security threats and vulnerabilities presented in the perception and network layer of IoT architecture. This paper also discussed possible solution of the IoT security to defend against the security issues in the IoT environment with some open research issues and challenges to the IoT security.

7. REFERENCES:

1. Q. Jing, A. V Vasilakos, J. Wan, J. Lu, and D. Qiu, “Security of the Internet of Things: perspectives and challenges,” Wirel. Networks, vol. 20, no. 8, pp. 2481–2501, 2014, doi: 10.1007/s11276-014-0761-7.

2. J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang and W. Zhao, "A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications," in IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1125-1142, Oct. 2017, doi: 10.1109/JIOT.2017.2683200

3. S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security, privacy and trust in Internet of Things: The road ahead,” Comput. Networks, vol. 76, pp. 146–164, 2015, doi: https://doi.org/10.1016/j.comnet.2014.11.008.

4. A. Whitmore, A. Agarwal, and L. Da Xu, “The Internet of Things—A survey of topics and trends,” Inf. Syst. Front., vol. 17, no. 2, pp. 261–274, 2015, doi: 10.1007/s10796-014-9489-2.

5. L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A survey,” Comput. Networks, vol. 54, no. 15, pp. 2787–2805, 2010, doi: https://doi.org/10.1016/j.comnet.2010.05.010.

6. S. Horrow and A. Sardana, Identity management framework for cloud based internet of things. 2012.

7. A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, “Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications,” IEEE Commun. Surv. Tutorials, vol. 17, no. 4, pp. 2347–2376, 2015, doi: 10.1109/COMST.2015.2444095.

8. H. F. Atlam, A. Alenezi, A. Alharthi, R. J. Walters, and G. B. Wills, “Integration of Cloud Computing with Internet of Things: Challenges and Open Issues,” in 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2017, pp. 670–675, doi: 10.1109/iThings-GreenCom-CPSCom-SmartData.2017.105.

9. E. Borgia, D. Gomes, B. Lagesse, R. Lea, and D. Puccinelli, “Editorial Special Issue on Internet of Things: Research challenges and Solutions,” Comput. Commun., vol. 89–90, May 2016, doi: 10.1016/j.comcom.2016.04.024.

10. R. H. Weber, “Internet of Things – New security and privacy challenges,” Comput. Law Secur. Rev., vol. 26, no. 1, pp. 23–30, 2010, doi: https://doi.org/10.1016/j.clsr.2009.11.008.

11. S. Mansfield-Devine, “The secure way to use open source,” Comput. Fraud Secur., vol. 2016, pp. 15–20, May 2016, doi: 10.1016/S1361-3723(16)30046-X.

12. M. Jutila, “An Adaptive Edge Router Enabling Internet of Things,” IEEE Internet Things J., vol. 3, no. 6, pp. 1061–1069, 2016, doi: 10.1109/JIOT.2016.2550561.

13. N. YE, Y. Zhu, R. WANG, R. Malekian, and L. Qiao-min, “An Efficient Authentication and Access Control Scheme for Perception Layer of Internet of Things,” Appl. Math. Inf. Sci., vol. 8, Jul. 2014, doi: 10.12785/amis/080416.

14. R. Roman, C. Alcaraz, J. Lopez, and N. Sklavos, “Key management systems for sensor networks in the context of the Internet of Things,” Comput. Electr. Eng., vol. 37, no. 2, pp. 147–159, 2011, doi: https://doi.org/10.1016/j.compeleceng.2011.01.009.

15. B. Zhuming, W. Guoping, and X. L. Da, “A visualization platform for internet of things in manufacturing applications,” Internet Res., vol. 26, no. 2, pp. 377–401, Jan. 2016, doi: 10.1108/IntR-02-2014-0043.

16. J. Frizzo-Barker, P. Chow-White, M. Mozafari, and V. T. D. Ha, “An empirical study of the rise of big data in business scholarship,” Int. J. Inf. Manage., vol. 36, pp. 403–413, Jun. 2016, doi: 10.1016/j.ijinfomgt.2016.01.006.

17. A. Gluhak, S. Krco, M. Nati, D. Pfisterer, N. Mitton, and T. Razafindralambo, “A survey on facilities for experimental internet of things research,” IEEE Commun. Mag., vol. 49, no. 11, pp. 58–67, 2011, doi: 10.1109/MCOM.2011.6069710.

18. A. Roukounaki, S. Efremidis, J. Soldatos, J. Neises, T. Walloschke and N. Kefalakis, "Scalable and Configurable End-to-End Collection and Analysis of IoT Security Data : Towards End-to-End Security in IoT Systems," 2019 Global IoT Summit (GIoTS), Aarhus, Denmark, 2019, pp. 1-6, doi: 10.1109/GIOTS.2019.8766407.

19. B. Mostefa and G. Abdelkader, "A survey of wireless sensor network security in the context of Internet of Things," 2017 4th International Conference on Information and Communication Technologies for Disaster Management (ICT-DM), Münster, 2017, pp. 1-8, doi: 10.1109/ICT-DM.2017.8275691.

20. H. Suo, J. Wan, C. Zou, and J. Liu, “Security in the Internet of Things: A Review,” Proc. - 2012 Int. Conf. Comput. Sci. Electron. Eng. ICCSEE 2012, vol. 3, Mar. 2012, doi: 10.1109/ICCSEE.2012.373.

21. K. Zhao and L. Ge, “A Survey on the Internet of Things Security,” in 2013 Ninth International Conference on Computational Intelligence and Security, 2013, pp. 663–667, doi: 10.1109/CIS.2013.145.

22. M. Noura, M. Atiquzzaman, and M. Gaedke, “Interoperability in Internet of Things: Taxonomies and Open Challenges,” Mob. Networks Appl., vol. 24, no. 3, pp. 796–809, 2019, doi: 10.1007/s11036-018-1089-9.

23. J. Nolin and N. Olson, “The Internet of Things and Convenience,” Internet Res., vol. Vol. 26, Feb. 2016, doi: 10.1108/IntR-03-2014-0082.

24. I. Yaqoob, I. Hashem, Y. Mehmood, A. Gani, S. Mokhtar, and S. Guizani, “Enabling Communication Technologies for Smart Cities,” IEEE Commun. Mag., vol. 55, Jan. 2017, doi: 10.1109/MCOM.2017.1600232CM.

25. C. Valmohammadi, “Examining the perception of Iranian organizations on Internet of Things solutions and applications,” Ind. Commer. Train., vol. 48, Feb. 2016, doi: 10.1108/ICT-07-2015-0045.

26. P. Pongle and G. Chavan, “A survey: Attacks on RPL and 6LoWPAN in IoT,” in 2015 International Conference on Pervasive Computing (ICPC), 2015, pp. 1–6, doi: 10.1109/PERVASIVE.2015.7087034.

27. M. Bohge and W. Trappe, An authentication framework for hierarchical ad hoc sensor networks. 2003.

28. S. Laghari and M. A. Niazi, “Modeling the Internet of Things, Self-Organizing and Other Complex Adaptive Communication Networks: A Cognitive Agent-Based Computing Approach,” PLoS One, vol. 11, no. 1, pp. e0146760-, Jan. 2016, [Online]. Available: https://doi.org/10.1371/journal.pone.0146760.

29. C. Bekara, “Security Issues and Challenges for the IoT-based Smart Grid,” Procedia Comput. Sci., vol. 34, pp. 532–537, 2014, doi: https://doi.org/10.1016/j.procs.2014.07.064.

30. Ş. Bahtiyar and M. Ufuk Çağlayan, “Extracting trust information from security system of a service,” J. Netw. Comput. Appl., vol. 35, no. 1, pp. 480–490, 2012, doi: https://doi.org/10.1016/j.jnca.2011.10.002.

31. Ş. Bahtiyar and M. Ufuk Çağlayan, “Extracting trust information from security system of a service,” J. Netw. Comput. Appl., vol. 35, no. 1, pp. 480–490, 2012, doi: https://doi.org/10.1016/j.jnca.2011.10.002.

32. A. Akhunzada et al., “Secure and Dependable Software Defined Networks,” J. Netw. Comput. Appl., Dec. 2015, doi: 10.1016/j.jnca.2015.11.012.

33. H.-D. Ma, “Internet of Things: Objectives and Scientific Challenges,” J. Comput. Sci. Technol., vol. 26, pp. 919–924, Nov. 2011, doi: 10.1007/s11390-011-1189-5.

34. C. Perera, A. Zaslavsky, P. Christen, and D. Georgakopoulos, “Context Aware Computing for The Internet of Things: A Survey,” IEEE Commun. Surv. Tutorials, vol. 16, no. 1, pp. 414–454, 2014, doi: 10.1109/SURV.2013.042313.00197.

35. C.-W. Tsai, C.-F. Lai, and A. Vasilakos, “Future Internet of Things: open issues and challenges,” Wirel. Networks, vol. 20, pp. 2201–2217, Nov. 2014, doi: 10.1007/s11276-014-0731-0.

36. J. Yin and S. Madria, “ESecRout: An Energy Efficient Secure Routing for Sensor Networks,” Int. J. Distrib. Sens. Networks, vol. 4, Apr. 2008, doi: 10.1080/15501320802001101.

37. J. Wu, M. Dong, K. Ota, L. Liang, and Z. Zhou, “Securing distributed storage for Social Internet of Things using regenerating code and Blom key agreement,” Peer-to-Peer Netw. Appl., vol. 8, Jun. 2014, doi: 10.1007/s12083-014-0286-y.

38. B. Massis, “The Internet of Things and its impact on the library,” New Libr. World, vol. 117, pp. 289–292, Mar. 2016, doi: 10.1108/NLW-12-2015-0093.

39. C. Lee, L. Zappaterra, K. Choi, and H.-A. Choi, “Securing smart home: Technologies, security challenges, and security requirements,” in 2014 IEEE Conference on Communications and Network Security, 2014, pp. 67–72, doi: 10.1109/CNS.2014.6997467.

40. A. S. K. Pathan, H.-W. Lee, and C. S. Hong, Security in wireless sensor networks: issues and challenges, vol. 2. 2006.

41. S. Rahimi Moosavi et al., SEA: A Secure and Efficient Authentication and Authorization Architecture for IoT-Based Healthcare Using Smart Gateways, vol. 52. 2015.

42. Y. Zhang, Y. Shen, H. Wang, J. Yong, and X. Jiang, “On Secure Wireless Communications for IoT Under Eavesdropper Collusion,” IEEE Trans. Autom. Sci. Eng., vol. 13, no. 3, pp. 1281–1293, 2016, doi: 10.1109/TASE.2015.2497663.

43. Y. Zhang, Y. Shen, H. Wang, J. Yong, and X. Jiang, “On Secure Wireless Communications for IoT Under Eavesdropper Collusion,” IEEE Trans. Autom. Sci. Eng., vol. 13, no. 3, pp. 1281–1293, 2016, doi: 10.1109/TASE.2015.2497663.

44. K. Zhao and L. Ge, A Survey on the Internet of Things Security. 2013.

45. M. V Bharathi, R. C. Tanguturi, C. Jayakumar, and K. Selvamani, “Node capture attack in Wireless Sensor Network: A survey,” in 2012 IEEE International Conference on Computational Intelligence and Computing Research, 2012, pp. 1–3, doi: 10.1109/ICCIC.2012.6510237.

46. X. Yang, J. Lin, W. Yu, P. Moulema, X. Fu, and W. Zhao, “A Novel En-Route Filtering Scheme Against False Data Injection Attacks in Cyber-Physical Networked Systems,” IEEE Trans. Comput., vol. 64, no. 1, pp. 4–18, 2015, doi: 10.1109/TC.2013.177.

47. J. Lin, W. Yu, X. Yang, G. Xu, and W. Zhao, “On False Data Injection Attacks against Distributed Energy Routing in Smart Grid,” in 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems, 2012, pp. 183–192, doi: 10.1109/ICCPS.2012.26.

48. J. Lin, W. Yu, and X. Yang, “Towards Multistep Electricity Prices in Smart Grid Electricity Markets,” IEEE Trans. Parallel Distrib. Syst., vol. 27, no. 1, pp. 286–302, 2016, doi: 10.1109/TPDS.2015.2388479.

49. X. Yang et al., “Towards a Low-Cost Remote Memory Attestation for the Smart Grid,” Sensors (Basel)., vol. 15, pp. 20799–20824, Aug. 2015, doi: 10.3390/s150820799.

50. A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla, “SWATT: softWare-based attestation for embedded devices,” in IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004, 2004, pp. 272–282, doi: 10.1109/SECPRI.2004.1301329.

51. N. Zhao, F. R. Yu, M. Li, and V. C. M. Leung, “Anti-Eavesdropping Schemes for Interference Alignment (IA)-Based Wireless Networks,” IEEE Trans. Wirel. Commun., vol. 15, no. 8, pp. 5719–5732, 2016, doi: 10.1109/TWC.2016.2568188.

52. G. Gomez, F. J. Lopez-Martinez, D. Morales-Jimenez, and M. R. McKay, “On the Equivalence Between Interference and Eavesdropping in Wireless Communications,” IEEE Trans. Veh. Technol., vol. 64, no. 12, pp. 5935–5940, 2015, doi: 10.1109/TVT.2014.2387475.

53. N. Bressan, L. Bazzaco, N. Bui, P. Casari, L. Vangelista, and M. Zorzi, “The Deployment of a Smart Monitoring System Using Wireless Sensor and Actuator Networks,” in 2010 First IEEE International Conference on Smart Grid Communications, 2010, pp. 49–54, doi: 10.1109/SMARTGRID.2010.5622015.

54. M. Sarkar and D. B. Roy, “Prevention of sleep deprivation attacks using clustering,” in 2011 3rd International Conference on Electronics Computer Technology, 2011, vol. 5, pp. 391–394, doi: 10.1109/ICECTECH.2011.5942027.

55. I. Andrea, C. Chrysostomou, and G. Hadjichristofi, “Internet of Things: Security vulnerabilities and challenges,” in 2015 IEEE Symposium on Computers and Communication (ISCC), 2015, pp. 180–187, doi: 10.1109/ISCC.2015.7405513.

56. S. H. Ahmed, G. Kim, and D. Kim, “Cyber Physical System: Architecture, applications and research challenges,” in 2013 IFIP Wireless Days (WD), 2013, pp. 1–5, doi: 10.1109/WD.2013.6686528.

57. S. U. Maheswari, N. S. Usha, E. A. M. Anita, and K. R. Devi, “A novel robust routing protocol RAEED to avoid DoS attacks in WSN,” in 2016 International Conference on Information Communication and Embedded Systems (ICICES), 2016, pp. 1–5, doi: 10.1109/ICICES.2016.7518942.

58. M. Chuang and J. Lee, “TEAM: Trust-extended authentication mechanism for vehicular ad hoc networks,” in 2011 International Conference on Consumer Electronics, Communications and Networks (CECNet), 2011, pp. 1758–1761, doi: 10.1109/CECNET.2011.5768376.

59. I. Chen, J. Guo, and F. Bao, “Trust management for service composition in SOA-based IoT systems,” in 2014 IEEE Wireless Communications and Networking Conference (WCNC), 2014, pp. 3444–3449, doi: 10.1109/WCNC.2014.6953138.

60. A. Sarkar, “Significance of Smart Cities in 21st Century: An International Business Perspective,” Focus J. Int. Bus., vol. 2, Feb. 2015, doi: 10.17492/focus.v2i2.8623.

61. U. K. Chaurasia and V. Singh, “MAODV: Modified wormhole detection AODV protocol,” in 2013 Sixth International Conference on Contemporary Computing (IC3), 2013, pp. 239–243, doi: 10.1109/IC3.2013.6612197.

62. K. Ren, W. Lou, and Y. Zhang, “Multi-user Broadcast Authentication in Wireless Sensor Networks,” in 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, 2007, pp. 223–232, doi: 10.1109/SAHCN.2007.4292834.

63. P. yi, Y. Wu, F. Zou, and N. Liu, “A Survey on Security in Wireless Mesh Networks,” IETE Tech. Rev., vol. 27, Jan. 2010, doi: 10.4103/0256-4602.58969.

64. I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “A survey on sensor networks,” IEEE Commun. Mag., vol. 40, no. 8, pp. 102–114, 2002, doi: 10.1109/MCOM.2002.1024422.

65. M. Chuang and J. Lee, “TEAM: Trust-extended authentication mechanism for vehicular ad hoc networks,” in 2011 International Conference on Consumer Electronics, Communications and Networks (CECNet), 2011, pp. 1758–1761, doi: 10.1109/CECNET.2011.5768376.

Receivedon 12.06.2020 Acceptedon 11.08.2020

Int.J.Tech.2020;10(2): 143-152.

DOI: 10.5958/2231-3915.2020.00026.7