IoT Security: A Review

Abstract: In the past decade, the Internet of Things has been a focus of research. Security and privacy are the key issues for Internet of Things applications and still pose challenges. Among the key challenges for the realization of the Internet of Things are security challenges, especially in the areas of privacy and confidentiality, alongside the management of heterogeneity and the limitations of network capacity. This review paper gives an insight into the most important security challenges related to the Internet of Things.

Keywords: security, Internet of Things, challenges, privacy, data, confidentiality, regulation, IoT.


The Internet of Things (IoT) is the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure. The Internet of Things concerns the connection of physical devices (cars, thermostats, smartphones, home lighting, tide sensors, smart meters, etc.) to the Internet. A more widely accepted definition is ITU’s definition from 2005, which is very general and reads as follows:

Internet of Things is a global infrastructure for the modern Society, enabling sophisticated services by interconnecting physical and virtual interoperable information and communication technologies.

There are more devices connected to the Internet than people on the planet, and the prediction is that there will be 50 billion devices by 2020.


The three main points through which attackers can reach IoT devices connected to a network are:

1. The device,

2. The cloud,

3. The network.

1. Securing the Device:

Several technologies in the industry provide security for embedded devices, such as embedded SIM technology (eUICC), M2M-optimised SIM technology, SafeNet Hardware Security Modules (HSMs), Trusted Key Manager, and IP protection. My opinion is that IP protection is a little bit old. Current IoT ecosystems should move from such security infrastructures to something more advanced with encryption technologies.

2. Securing the cloud infrastructure:

A major form of threat comes from the enterprise or cloud environment that smart devices are connected to. Data encryption, cloud security and cloud-based licensing help technology companies leverage the full potential of the cloud environment while ensuring their intellectual property is secured.

3. IoT Security Lifecycle Management:

Managing the lifecycle of security components across the device and cloud spectrum is a critical element of a robust, long-term digital security strategy. Security of an Internet of Things ecosystem is not a one-off activity, but an evolving part of that ecosystem. Solutions for building a sustainable security lifecycle management infrastructure that addresses current and future security threats include identity and access management, crypto management, and maintaining Trusted Services Hubs.


There are now more connected cars, meters, machines, wearable devices and similar IoT nodes than there are PCs, laptops, tablets, and smartphones. Exact numbers and estimates vary, but the consensus is that there are now close to 8 billion IoT devices in use and around 7 billion non-IoT connected devices. Low-bandwidth and/or low-latency environments such as oil rigs, mines, or factories are rapidly adopting IoT, and it will gain further importance over time. However, the critical element will be the interconnection between device and cloud, in which the cloud performs many of the non-critical tasks and large-scale data storage. The modern IoT trends are as follows according to the analytics done by


· Authentication

Nowadays IoT devices use PKI (public key infrastructure) authentication, where digital certificates prove the authenticity of the device. However, IoT devices use fewer protocols and standards than normal networking devices use, and each authentication method must ensure that each device is capable of authenticating in a secure manner. Some devices may need manual updates because they lack OTA (over-the-air) functionality, and others may have locked settings that cannot be changed from the default.
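The certificate-based device check described above, as an added example that is not part of the original article: a gateway first validates the presented certificate against a fleet CA, then makes the device sign a fresh nonce, because a copied certificate without its private key proves nothing. It assumes the `openssl` CLI is installed; the CA, the device names `sensor-01` and `rogue-01`, and all file paths are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Constructed demo: CA, device names and paths are made up; needs the openssl CLI.
W=$(mktemp -d)

# Fleet CA trusted by the gateway (self-signed, 1-day lifetime).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Fleet CA" \
    -keyout "$W/ca.key" -out "$W/ca.crt" 2>/dev/null
}

# Enrol a device: key pair and CSR on the device, certificate signed by the fleet CA.
issue_device() {  # $1 = device name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$W/$1.csr" -CA "$W/ca.crt" -CAkey "$W/ca.key" \
    -CAcreateserial -days 1 -out "$W/$1.crt" 2>/dev/null
}

# A device outside the fleet: self-signed certificate the CA never issued.
make_rogue() {  # $1 = device name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}

# Gateway check. $1 = certificate the peer presents, $2 = key the peer really holds.
authenticate() {
  # Step 1: the certificate must chain to the fleet CA.
  openssl verify -CAfile "$W/ca.crt" "$1" >/dev/null 2>&1 ||
    { echo untrusted-cert; return 1; }
  # Step 2: the peer signs a fresh nonce; the signature must verify under the
  # public key in the certificate, so a copied certificate is not enough.
  openssl rand -hex 32 > "$W/nonce"
  openssl dgst -sha256 -sign "$2" -out "$W/sig" "$W/nonce" 2>/dev/null
  openssl x509 -in "$1" -pubkey -noout > "$W/pub.pem"
  openssl dgst -sha256 -verify "$W/pub.pem" -signature "$W/sig" "$W/nonce" \
    >/dev/null 2>&1 || { echo no-key-possession; return 1; }
  echo authenticated
}

make_ca && issue_device sensor-01 && make_rogue rogue-01
echo "enrolled device:     $(authenticate "$W/sensor-01.crt" "$W/sensor-01.key" || true)"
echo "self-signed device:  $(authenticate "$W/rogue-01.crt" "$W/rogue-01.key" || true)"
echo "copied certificate:  $(authenticate "$W/sensor-01.crt" "$W/rogue-01.key" || true)"
```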

· Access Control

My opinion is that organizations had better have an automated and integrated security framework that secures network access and monitors traffic and behaviors, because access control systems play a major role in the security of the Internet of Things. It should ensure that access controls are universally applied and that devices are removable with minimal impact on critical business transactions and workflows.

· Privacy

As an example, the Internet of Things is being used to monitor infants’ health and activities, thus enabling them to live safely and independently at home. However, the Internet of Things creates privacy challenges that need to be addressed. There are other aspects of privacy as well, such as confidentiality and secondary use of users’ information. The developers of Internet of Things products should adopt an expanded view of privacy. This will ensure that safeguards are built into Internet of Things devices to protect and maintain users’ privacy while also enabling the appropriate sharing of data to support the users’ safety and wellbeing.

· Policy Enforcement

Governments and regulators can help unlock socio-economic benefits by implementing policies that promote innovation and investment, as well as by introducing regulatory frameworks that build trust and are technology neutral. But in Sri Lanka there are no active policies yet for the IoT ecosystem, because it has not yet been touched by the public. So startups and new inventors are free to try anything using IoT technologies, because those technologies are not yet regulated by the government. I suggest that the government of Sri Lanka should adapt to those technologies and make rules and regulations before they go viral in the country.

· Trust

As a user, I may consider trust the most important thing before interacting with an IoT device, because I’m going to share my data with those tiny devices. The security and privacy requirements, including privacy and trust management among users and things, play a fundamental role in detecting malicious nodes in IoT. According to my experience, an IoT service provider should continuously do surveys on trust evaluation under some specified criteria to provide a trustworthy service.

· Mobile Security

Many types of attacks could be performed via next-generation IMSI catchers, just like fake mobile. They will open back doors to monitor users’ IoT activities (e.g., home automation activities, daily routine automations), create fake nodes based on that information, and use these profiles to monitor their activity and behavior remotely, even if the users move away from the area. So current IoT infrastructures should pay more attention to mobile devices, because the mobile device acts as the intermediary that interconnects the IoT device and the user.

· Secure Middleware

The middleware for IoT acts as a bond joining the nodes through interfaces. Sometimes middleware acts as a software layer interposed between the infrastructure and the applications using it, supporting important requirements of these applications. To track issues of middleware, we should first have a better understanding of the current gaps and future directions of existing middleware systems. Second, the fundamental functional features of existing IoT middleware should be classified. Then we can analyze and research the issues to optimize system security. In theory, no system is secure within a network.

· Confidentiality

IoT interconnections generate a huge amount of private data, which needs to be processed, communicated and stored. Using normal security solutions to ensure data confidentiality is challenging. So my opinion is that we should discuss further how to build up a standardized infrastructure with more secure protocols for the future. Otherwise developers and innovators will have to put more effort into communicating and promoting their products within a society affected by IoT phobias.


The Internet of Things represents a new, interesting direction in the development of the Internet. It refers to the unique identification of objects and their virtual representation in the structure of the Internet, where they may communicate with each other, provide information about themselves and accept data collected by other objects. This emerging domain has been attracting significant interest in the last few years, and will continue to do so for years to come. The development of the Internet of Things depends on the dynamics of innovation in numerous technical fields, from wireless sensors to nanotechnology. Capacities such as the monitoring of changes in the environment or communication between devices are a high priority in the development of the Internet of Things. The key challenges for the realization of the Internet of Things include security, privacy and confidentiality, management of heterogeneity, limitations of network capacity, management and processing of large quantities of data in order to provide useful information and services, and enabling an efficient regulatory policy in the area of the Internet of Things. According to Gartner’s expectations, IoT security spending is to grow by almost 60 percent in the next two years, reaching around USD 547 million. So we should take the maximum outcome from that spending. Since protection of privacy is one of the key constitutional rights of European citizens, it is very important to note that the Internet of Things in Sri Lanka will have to be established together with regulatory frameworks for data and privacy protection, with all legal requirements brought into a single group of rules in Sri Lanka, including revised measures for data transparency and safety issues.


[1] Hari and Singh: Security Issues in Wireless Sensor Networks, International Conference on Advances in Computing, Communication, & Automation (ICACCA), Apr. 2016; DOI: 10.1109/ICACCA.2016.7578876

[2] Ferrag M. A., L. A. Maglaras, H. Janicke and J. Jiang: “Authentication Protocols for Internet of Things: A Comprehensive Survey”, arXiv, Dec. 2016

[3] IoT 2017 in review: The 10 most relevant IoT developments of the year,

[4] Chaqfeh, Moumena. “Challenges in middleware solutions for the internet of things.” International Conference on Collaboration Technologies and Systems (CTS) (2012): 21–26.

[5] ABDMEZIEM, Mohammed. (2016). Data Confidentiality in the Internet of Things. 10.13140/RG.2.2.19150.87366.

[6] Mario Ballano Barcena and Candid Wueest, Symantec Antivirus, “Insecurity in the Internet of Things”, Mar 12 2015

[7] Ericsson Corporation, “IOT Security”, Ericsson White Paper, 284 23–3302 (Uen), February 2017

[8] Gartner, Forecast: IoT Security, Worldwide, 2016,
