A Holistic Analysis of Internet of Things (IoT) Security: Principles, Practices, and New Perspectives

Mahmud Hossain (), Golam Kayas, Ragib Hasan, Anthony Skjellum, Shahid Noor and S. M. Riazul Islam ()
Additional contact information
Mahmud Hossain: Department of Private Certificate Authority, Amazon Web Services (AWS), Herndon, VA 20171, USA
Golam Kayas: Department of Cybersecurity & Privacy Group, Comcast Crop., Philadelphia, PA 19103, USA
Ragib Hasan: Department of Computer Science, University of Alabama at Birmingham, Birmingham, AL 35294, USA
Anthony Skjellum: Department of Computer Science and Engineering, University of Tennessee at Chattanooga, Chattanooga, TN 37403, USA
Shahid Noor: Department of Computer Science, Northern Kentucky University, Highland Heights, KY 41099, USA
S. M. Riazul Islam: School of Natural and Computing Sciences, University of Aberdeen, Aberdeen AB24 3FX, UK

Future Internet, 2024, vol. 16, issue 2, 1-57

Abstract: Driven by the rapid escalation of its utilization, as well as ramping commercialization, Internet of Things (IoT) devices increasingly face security threats. Apart from denial of service, privacy, and safety concerns, compromised devices can be used as enablers for committing a variety of crime and e-crime. Despite ongoing research and study, there remains a significant gap in the thorough analysis of security challenges, feasible solutions, and open secure problems for IoT. To bridge this gap, we provide a comprehensive overview of the state of the art in IoT security with a critical investigation-based approach. This includes a detailed analysis of vulnerabilities in IoT-based systems and potential attacks. We present a holistic review of the security properties required to be adopted by IoT devices, applications, and services to mitigate IoT vulnerabilities and, thus, successful attacks. Moreover, we identify challenges to the design of security protocols for IoT systems in which constituent devices vary markedly in capability (such as storage, computation speed, hardware architecture, and communication interfaces). Next, we review existing research and feasible solutions for IoT security. We highlight a set of open problems not yet addressed among existing security solutions. We provide a set of new perspectives for future research on such issues including secure service discovery, on-device credential security, and network anomaly detection. We also provide directions for designing a forensic investigation framework for IoT infrastructures to inspect relevant criminal cases, execute a cyber forensic process, and determine the facts about a given incident. This framework offers a means to better capture information on successful attacks as part of a feedback mechanism to thwart future vulnerabilities and threats. This systematic holistic review will both inform on current challenges in IoT security and ideally motivate their future resolution.

Keywords: Internet of Things; analysis; security; communication security; device security; service security; forensic; threats; vulnerabilities; requirements; challenges; solutions; new perspectives (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2024
References: View complete reference list from CitEc
Citations: View citations in EconPapers (1)

Downloads: (external link)
https://www.mdpi.com/1999-5903/16/2/40/pdf (application/pdf)
https://www.mdpi.com/1999-5903/16/2/40/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:16:y:2024:i:2:p:40-:d:1325877

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().