Security challenges and approaches in internet of things
The Concept of the “Internet of Things”
The phrase “Internet of Things” was coined about 10 years ago by the founders of the original MIT Auto-ID Center, Kevin Ashton in 1999 and David L. Brock in 2001. [212] envisioned a world where every object—physical or electronic—is networked and electronically tagged with information pertinent to that object, enabling remote, contactless interrogation of its contents and turning all physical objects into nodes in a networked physical world. This vision promises benefits across supply chain management and inventory control, product tracking and location identification, and enhanced human–computer and human–object interfaces. A range of technologies drives the IoT, and [212] comprehensively lists those technologies. Because the IoT’s broad vision outpaces the research on it, there is a lack of standard definitions for the IoT, with only a few standard definitions provided by different researchers.
• Definition by [213]: “Things have identities and virtual personalities operating in smart spaces using intelligent interfaces to connect and communicate within social, environment, and user contexts.”
Defined by [47], the Internet of Things (IoT) combines two concepts: Internet and Thing. The Internet is the world-wide network of interconnected computer networks operating on the standard TCP/IP protocol suite, while a "Thing" is an object not precisely identifiable. Therefore, the IoT is a global network of uniquely addressable objects that communicate through standard protocols, enabling pervasive connectivity and data exchange across devices and systems.
• Definition by [47]: “The Internet of Things allows people and things to be connected Anytime, Anyplace, with Anything and Anyone, ideally using Any path/network and Any service.”
© The Author(s) 2017
S. Misra et al., Security Challenges and Approaches in Internet of Things, SpringerBriefs in Electrical and Computer Engineering
2 System Model for the Internet of Things
Considering these definitions, the Internet of Things (IoT) is a paradigm that envisions a world where devices are ubiquitously present in the environment. Through wireless and wired connections, these things can interact and cooperate with other connected devices to enable seamless communication and contextual services, helping organizations and individuals achieve common goals.
An interconnection of highly heterogeneous networked entities, the IoT follows a number of communication patterns: human-to-human (H2H), human-to-thing (H2T), thing-to-thing (T2T), or thing-to-things (T2Ts) [105].
The Internet of Things (IoT) is a global network infrastructure that links uniquely identified physical and virtual objects—things and devices—through sensing, communication, and actuation. The virtually represented “things” form an Internet-like structure built on existing and evolving Internet and network developments. Emerging services and applications will be defined by autonomous data capture, efficient event transfer, pervasive network connectivity, and interoperability across diverse systems. Together, these elements enable smarter, data-driven ecosystems that enhance decision making and operational efficiency.
Evolution of the Networks
To identify IoT vulnerabilities, it is essential to trace the evolution of networks—their changing composition and characteristics—over the years. This understanding enables us to analyse the new risk areas that IoT deployments may introduce.
In the late 1960s, basic computer networks enabled the first machine-to-machine communication, paving the way for the Internet. The early 1980s saw the TCP/IP protocol suite become the standard, allowing diverse networks to interconnect. Commercial use of the Internet began in the late 1980s, with networks primarily operating in a peer-to-peer fashion as IP protocols linked different networks. The World Wide Web arrived in 1991, making the Internet more accessible and driving rapid growth. The Web started as a hub-and-spoke model layered over the Internet, with organizations and content developers deploying web servers as hubs and users connecting to these hubs to access online content.
With the rise of social networks, blogs, and microblogs, people could actively publish their own content on the Web, becoming a major source of online content and an active part of the network. Here, "content" refers to data on the Web that is publicly accessible and can be mined by anyone, not private to a few users. This shift defines the Web of People (WoP), which replaces the old hub-and-spoke topology with a more distributed and fine-grained network structure. In the WoP, the "hub" evolves from a mere content gateway to a service provider that enables users to create their own content. For example, platforms like Google's Blogger and WordPress run on their servers (the hubs), providing the infrastructure for people to launch and manage their own blogs.
Over the years, the Web of People (WoP) has evolved toward more intuitive, accurate, context-aware, and automated Internet services, reducing human mediation and expanding the inclusion of “things” into the network, a shift that defines the Web of Things (WoT) or the Internet of Things (IoT). In the WoP, actions like blogging did not immediately affect the physical world, with people serving as sensors—gathering information for the Web or acting on it—whereas the IoT seeks to minimize human mediation in sensing and feeding information into the virtual world and in triggering physical-world actions based on that information. With IoT, the command and control plane becomes embedded in the networking plane, replacing the human-mediated approach of earlier stages. Figure 2.1 illustrates the five phases in the evolution of the Internet.
We classify five network forms by their operational characteristics and the types of data they manage. A comprehensive internet system operates across three layers: the perceptual layer, the network and transport layer, and the application layer [231, 232]. The Application Layer provides the intelligence to process data and realize the desired functionality, while the Network and Transport Layer handles data routing, transmission, and connectivity between endpoints. These layered components together enable effective data management and service delivery across networks.
Fig. 2.1 Evolution of the Internet
Fig. 2.2 Network forms and operations and data types supported
The Network and Transport Layer provides the infrastructure and technologies that enable wired and wireless connectivity, unique addressing schemes, and reliable, secure transmission and storage of the collected data. The Perceptual Layer includes the elements and technologies that gather data from the physical world and make it available to the virtual world. User Generated Content refers to data actively contributed by Internet users, while Machine Generated Content refers to data produced by connected “things” through sensing and processing of the environment. Figure 2.2 illustrates the operations and data supported by the different network forms.
Before the Internet, the physical world was manipulated directly by people. Then the Internet, the Web, and the Web of People emerged, allowing individuals to influence real‑world events through networks with human mediation. For example, someone anywhere could perceive an event and relay the information to another person or machine across the globe, which could then act accordingly. With the Internet of Things (IoT), the physical world is directly interfaced with the virtual world through machines and devices (refer to Fig. 2.3). Yet human intervention remains essential, as traditional communication forms are still valid and the things are still controlled by users.
In an IoT-interfaced system, we can have three forms of interactions between the cyber-physical spaces:
• Interactions purely sensed and actuated by the users.
• Interactions sensed and actuated by machines controlled by local users.
• Interactions sensed and actuated purely by machines with remote user involvement.
Fig. 2.3 Interaction of cyber-physical spaces through the IoT
Eliminating human intervention from the usage and execution cycle of machines makes network systems more predictable and secure, as devices operate under a program that enforces a defined policy. This autonomous, policy-driven operation minimizes deviations from expected behavior and reduces the risk of malicious or accidental interference caused by human factors, enhancing overall reliability and cybersecurity.
Policies governing the behavior of technologies should be highly context-specific and built on broad consensus among stakeholders. This implies that policy relevance can vary across regions and can evolve over time, reflecting local conditions and changing technological landscapes. To ensure these policies are truly consensus-based, it is essential to maximize user involvement in the policy formulation process, enabling users to shape decisions that affect them.
Hence, an ideal framework for the IoT should be a “consensus-based dynamic policy formulation framework”, which would consider an interplay of two aspects:
1. Maximize active participation of human factors in the “dynamic policy formulation” and hence the governance. Facilitate formulation of highly context-specific policies by considering the local consensus.
2. Minimize the role of human factors in the “policy adherence” to maximize policy compliance. Make the machines “smart” enough to obey the policies and refuse any deviation from those.
Vision of the Internet of Things
Large Scale Ubiquitous and Pervasive Connectivity
The underlying vision of the IoT is to create a world where the real and the virtual realms are converging to create smart environments that make energy, transport,
The Internet of Things (IoT) requires a system model that makes cities and many other environments smarter through pervasive connectivity. The IoT envisions bringing things online anytime, anywhere, with anything and anyone, via any path, network, or service. This means enabling communication over the Internet with all the objects that surround us. Importantly, the IoT is more than M2M communication, wireless sensor networks, and 2G/3G/4G connectivity; these are the enabling technologies that empower IoT applications.
Future storage and communication services will be highly pervasive and distributed, as people, smart objects, machines and the surrounding space—augmented by wireless and wired sensors, M2M devices, and RFID tags—create a decentralized pool of resources interconnected by dynamic networks. The communication language will be based on interoperable protocols that operate across heterogeneous environments and platforms. The IoT will harness the synergies from the convergence of consumers, businesses, and the industrial Internet, building an open global network of people, data, and things. This convergence leverages cloud computing to connect intelligent devices that sense and transmit vast data, enabling services that arise only from this level of connectivity and analytical intelligence.
Context-Aware Computing
A key driver of the Internet of Things (IoT) growth is the pursuit of context-aware computing that can optimize performance and tailor services to the current situation with minimal human intervention. Although context-aware systems have been a focal point of research for nearly two decades, the challenge remains to convey and select the most relevant information to enable non-intrusive behavior on multiuser-converged service platforms across mobile and heterogeneous environments. Creating smarter environments and applications—whether for entertainment or business—that are more supportive and user-centric requires effectively acquiring, analyzing, and interpreting relevant context information about the user.
Seamless Connectivity and Interoperability
Achieving IoT interoperability at scale goes beyond syntactical interfaces and hinges on shared semantics across all software architectures. It also requires seamless integration of existing hardware and software assets with the underlying communication infrastructures. Only then can context information be reliably exchanged between highly adaptive services across heterogeneous devices within large-scale networks, ensuring that this information remains relevant and actionable.
Network Neutrality
Although the IoT has largely played a peripheral role in the network neutrality debate, this is because its devices are typically small, power-efficient, and generate limited traffic. However, as smart environments emerge through the integration of interconnected devices, bandwidth demands are growing substantially. Coupled with the surge in connected devices, the IoT can no longer avoid the implications of the network neutrality debate.
Network neutrality is a cornerstone of the IoT vision, ensuring that no data bit is prioritized over another. This principle guarantees universal connectivity—linking anything to anyone, anywhere, at any time—through the best available physical path between sender and receiver. To uphold these principles, Internet service providers and governments must treat all Internet data equally, avoiding discrimination or differential pricing based on user, content, site, platform, application, device type, or mode of communication.
Opponents of network neutrality argue that during network overloads, it can be essential to shed non-critical traffic to protect emergency services and the devices they rely on. Yet overturning neutrality risks vendor lock-in, potentially enabling carrier-platform partnerships that harm consumer choice. For instance, AT&T could partner with Google to provide public network capabilities for Nest home automation devices, leaving Nest customers with substandard service if they switch providers.
Applications of the Internet of Things
The 2010 Internet of Things Strategic Research Agenda (SRA) identified six vertical domains for IoT applications—smart energy, smart health, smart buildings, smart transport, smart living, and smart city. It notes that realizing a pervasive IoT vision requires unifying these diverse verticals into a single, horizontal domain, commonly referred to as "smart life."
Based on inputs from experts, surveys [22] and reports [4], the European Research Cluster on the Internet of Things identified the IoT application domains [217, 218].
[216] presents an updated enumeration of the application domains.
– Smart Parking: Monitoring parking spaces availability in the city.
– Structural health: Monitoring vibrations and material conditions in buildings, bridges and historical monuments.
– Noise Urban Maps: Real time sound monitoring in centric zones.
– Traffic Congestion: Monitoring vehicles and pedestrian levels to optimize driving and walking routes.
– Smart Lighting: Intelligent and weather adaptive street lighting.
– Waste Management: Detection of rubbish levels in containers to optimize the trash collection routes.
– Intelligent Transportation Systems: Smart Roads and Intelligent Highways with warning messages and diversions according to climate conditions and unexpected events like accidents or traffic jams.
– Forest Fire Detection: Monitoring combustion gases and preemptive fire conditions to define alert zones.
– Air Pollution: Control of carbon dioxide emissions of factories, pollution emitted by cars and toxic gases generated in farms.
– Landslide and Avalanche Prevention: Monitor soil moisture, vibrations and earth density to detect dangerous patterns in land conditions.
– Earthquake Early Detection: Distributed control in specific places of tremors.
– Water Quality: Study water suitability in rivers and the sea for fauna and eligibility for drinkable use.
– Water Leakages: Detection of liquid presence outside tanks and pressure variations along pipes.
– River Floods: Monitoring water level variations in rivers, dams and reservoirs.
• Energy Smart Grid, Smart Metering
– Tank level: Monitoring water, oil and gas levels in storage tanks and cisterns.
– Smart Grid: Energy consumption monitoring and management.
– Photovoltaic Installations: Monitoring and optimization of performance in solar energy plants.
– Water Flow: Measuring water pressure in water transportation systems.
– Silos Stock Calculation: Measuring emptiness level and weight of the goods.
– Perimeter Access Control: Access control to restricted areas and detection of people in non-authorized areas.
– Liquid Presence: Liquid detection in data centres, warehouses and sensitive building grounds to prevent break downs and corrosion.
– Radiation Levels: Distributed measurement of radiation levels in nuclear power stations surroundings to generate leakage alerts.
– Explosive and Hazardous Gases: Detecting gas levels and leakages in industrial environments, around chemical factories and inside mines.
– Supply Chain Control: Monitoring storage conditions along the supply chain and product tracking for traceability purposes.
– NFC Payment: Payment processing based on location or activity duration for public transport, gyms, theme parks, etc.
– Intelligent Shopping Applications: Getting advice at the point of sale according to customer habits, preferences, presence of allergic components for them or expiring dates.
– Smart Product Management: Control rotation of products in shelves and warehouses to automate restocking processes.
– Quality of Shipment Conditions: Monitoring vibrations, strokes, container openings or cold chain maintenance for insurance purposes.
– Item Location: Search of individual items in big surfaces like warehouses or harbours.
– Storage Incompatibility Detection: Warning emission on containers storing inflammable goods close to others containing explosives.
– Fleet Tracking: Control of routes followed for delicate goods like medical drugs, jewels or dangerous merchandises.
– M2M Applications: Machine auto-diagnosis and assets control.
– Indoor Air Quality: Monitoring toxic gas and oxygen levels inside chemical plants to ensure workers’ and goods’ safety.
– Temperature Monitoring: Control temperature inside industrial and medical fridges with sensitive merchandise.
– Ozone Presence: Monitoring ozone levels during the drying meat process in food factories.
– Indoor Location: Asset indoor location by using active (ZigBee, UWB) and passive tags (RFID/NFC).
– Vehicle Auto-diagnosis: Information collection from CAN Bus to send real time alarms to emergencies or provide advice to drivers.
– Wine Quality Enhancing: Monitor soil moisture and trunk diameter in vineyards to control sugar content in grapes and grapevine health.
– Green Houses: Control micro-climate conditions to maximize the production of fruits and vegetables and its quality.
– Golf Courses: Selective irrigation in dry zones to reduce the water resources required in the green.
– Meteorological Station Network: Study weather conditions in fields to forecast ice formation, rain, drought, snow or wind changes.
– Compost: Control humidity and temperature levels in alfalfa, hay, straw, etc. to prevent fungus and other microbial contaminants.
– Offspring Care: Control growing conditions of the offspring in animal farms to ensure its survival and health.
– Animal Tracking: Location and identification of animals grazing in open pastures or location in big stables.
– Toxic Gas Levels: Study ventilation and air quality in farms and detection of harmful gases from excrements.
– Energy and Water Use: Energy and water supply consumption monitoring to obtain advice on how to save cost and resources.
– Remote Control Appliances: Switching on and off remotely appliances to avoid accidents and save energy.
– Intrusion Detection Systems: Detection of window and door openings and violations to prevent intruders.
– Art and Goods Preservation: Monitoring conditions inside museums and art warehouses.
– Fall Detection: Assisting elderly/disabled people living independently.
– Medical Fridges: Control conditions inside freezers storing vaccines, medicines and organic elements.
– Sportsmen Care: Vital signs monitoring in high performance centres and fields.
– Patients Surveillance: Monitoring conditions of patients inside hospitals and in old people’s home.
– Ultraviolet Radiation: Measuring UV sun rays to warn people not to be exposed in certain hours.
Furthermore, [216] identifies the research challenges in the applications of the IoT which have been prioritized by the IERC for the coming years.
Challenges
The challenges towards fulfilling the visions for the IoT include at least the following four aspects:
Cost is a critical factor in wireless sensor networks (WSN), as keeping component prices low is essential for enabling large-scale deployments. This price pressure translates into tight resource constraints on each sensor node, restricting their processing power, memory, and energy budget. Consequently, many existing network security protocols do not account for these constraints, which can undermine security in cost-sensitive WSN deployments.
Data management in the IoT era positions it as a major source of big data, with billions of interconnected devices continuously streaming information. IoT-driven data powers applications across meteorology, experimental physics, astronomy, biology, and environmental science. For example, a Boeing jet can generate around 10 TB of data per engine every 30 minutes, equating to about 240 TB for a six-hour flight, and there are roughly 28,500 commercial flights in the USA on any given day. An Airbus A380 carries over 300,000 sensors, all generating constant data streams. This explosion of machine-to-machine (M2M) communications will drive massive Internet traffic and enable zettabyte-scale science.
Security in the Internet of Things (IoT) presents new challenges compared with traditional networks due to the greater number and variety of networks and connected devices, as well as the goal of enabling new forms of interaction. These factors, together with additional elements discussed in Chapter 3, give rise to novel IoT security issues that demand careful attention and robust protective measures.
• Privacy: The devices of WSN may be unable to defend against all forms (physical and cyber) of attacks. Sensitive information may be leaked.
Strengthening the security of the Internet of Things (IoT) remains a major challenge, as the technology’s immaturity hampers widespread adoption and practical use. A key obstacle is the absence of a mature, comprehensive security model and established security standards, which undermines trust and limits the IoT’s applicability across industries.
Figure 2.4 highlights the risks and threats facing the three operational layers of the IoT, with the Perceptual Layer bearing several major security challenges. These include physical damage to nodes, channel blocking, forgery or spoofing attacks, cloning (copy) attacks, and replay attacks.
Fig. 2.4 Security problems all layers of the IoT are facing [232]
Section 16.2 analyzes the IoT system model in the context of information tampering. The transport layer faces major threats such as DoS/DDoS, counterfeit/middleman attacks, heterogeneous-network risks, IPv6-related application vulnerabilities, WLAN application conflicts, and traditional network-security risks. At the application layer, key challenges include information disclosure, unauthorized human intervention, unstable platforms, and weaknesses in authentication. As the IoT integrates the traditional Internet, wireless networks and wireless sensor networks, existing security technologies can offer partial protection—deploying user authentication, access control and security audits at the application layer and VPNs, firewalls and related policies at the network layer. However, these solutions do not provide comprehensive security across all three layers. Designing an IoT security model that reuses established Internet security solutions while introducing IoT-specific innovations remains a major research challenge. Figure 2.5 illustrates the three categories of IoT security issues as identified in reference [2].
Internet security issues are inherited from the traditional Internet environment and remain a fundamental challenge for online networks. These threats, including data eavesdropping, tampering, forgery, denial-of-service attacks, and man-in-the-middle attacks, along with other common Internet attacks, can be mitigated by applying traditional security solutions such as encryption, authentication, integrity checks, and robust network defenses.
IoT presents new security challenges that go beyond traditional Internet security issues. While many security technologies from the Internet environment address several risks, the IoT’s unique characteristics introduce new vulnerabilities that cannot be solved by simply reusing Internet security solutions. The distinctive features of IoT—such as device heterogeneity, scale, resource constraints, and dynamic trust relationships—need to be carefully considered in security design. Accordingly, it is necessary to modify existing Internet security architectures or to design new architectures specifically tailored for the IoT.
Fig. 2.5 Categories of IoT security issues (figure text: “Example: DNS not authenticating requester. In the IoT it will cause leakage of object privacy.”)
IoT security issues arise from the unique network structure, diverse devices, and other factors inherent to the Internet of Things. These challenges cannot be solved by traditional Internet security architectures, and therefore new security solutions are required. Key areas include robust authentication protocols, secure key agreement, and privacy protections for wireless sensor network (WSN) devices and other IoT components to ensure safer and more reliable operation.
To advance the IoT toward a secure, scalable infrastructure, it is essential to exhaustively identify IoT features that could be exploited to threaten the system or its stakeholders. This chapter delivers an in-depth analysis of the IoT vulnerability landscape and aims to develop specialized threat models that inform risk assessment, security design, and mitigation strategies.
“threat spaces” by providing an exhaustive threat taxonomy. We identify a new genre of threats: Reflective Trust and Reputation Threats.
Vulnerable Features of the Internet of Things
The Internet of Things inherits most of the defining features of the Internet, while also bringing a range of distinct characteristics that shape its security and privacy landscape. This discussion analyzes the potential vulnerabilities unique to IoT from the perspective of IoT security and privacy, highlighting how interconnected devices, diverse data flows, and heterogeneous networks create new risks and underscore the need for robust protective measures.
Reference [79] measures the security of dynamic networks in terms of the IoT’s vulnerable features and identifies the characteristics of the IoT deemed most relevant within the attack surface framework for dynamic networks. We borrow the vulnerable features described in [79] and extend the list to exhaustively enumerate all possible vulnerable characteristics of the IoT. The recognized vulnerable characteristics are presented below (refer to Fig. 3.1).
Internet of Things (IoT) describes a networked landscape where everyday objects gain digital identities and participate in Internet-based services. The core strength of IoT is embedding computing power and communication capabilities into physical devices, enabling continuous monitoring, data exchange, and automated control across the real world. This integration lets sensor data and actuators drive actions in digital environments, creating a seamless loop between tangible entities and virtual processes that powers automation, smart analytics, and remote decision-making across industries.
Vulnerable connections between the Internet of Things and physical systems create safety-critical risks whose failure can damage infrastructure and endanger lives. Supervisory Control and Data Acquisition (SCADA) systems underpin essential national infrastructure, including electric power distribution, oil and natural gas, water and wastewater, and transportation networks. Disruptions to these control systems could have severe consequences for public health, safety, and economic stability. While most security efforts focus on reliability, there is a growing concern about defending cyber-physical systems against malicious cyber attacks, an issue highlighted by researchers in [111, 122, 148, 195].
The Internet of Things (IoT) is the largest network infrastructure ever deployed, with things-to-things (T2T) communications forming a modern, highly interconnected mesh of nodes of varying complexity. This expansive connectivity amplifies the challenges of maintaining the Internet’s stability and security. As described by the amplification principle, in large networks even small events can trigger disproportionately large effects, meaning tiny perturbations in input can destabilize a system’s output. To safeguard performance, reliability, and security in the IoT ecosystem, robust design practices and strong security measures are essential.
Moreover, as per the coupling principle [60], as a system gets larger, it often exhibits more interdependence between components.
Most IoT services rely on a high degree of intercommunication among many devices, so the overall system state depends on the status of each component. If a single sensor in a home central heating system is compromised or reports incorrect data, the central controller’s decision cycle can be affected, potentially causing abnormal temperature changes throughout the home unless fault-tolerant measures such as replicated sensors are in place. In such configurations, an incorrectly functioning sensor can be tolerated. The direct and indirect dependencies among devices and contexts make it essential to clearly define how components rely on and communicate with one another, and to implement appropriate network segmentation to limit an attacker’s impact to a small segment of the larger system.
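The replicated-sensor tolerance described in the heating example can be made concrete as follows. This is an added example, not code from the book: it uses Marzullo-style interval intersection as one possible fusion method, and the sensor IDs, the ±0.5 °C tolerance, the readings and the fail-safe behaviour are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Reading:
    sensor_id: str
    value_c: float      # reported temperature, degrees Celsius
    tolerance_c: float  # assumed accuracy band (+/-) of a healthy sensor


class NoQuorum(Exception):
    """Too few replicas agree to trust any estimate."""


def fuse(readings, max_faulty):
    """Return (estimate_c, suspect_ids) by interval intersection.

    Each reading is the interval [value - tol, value + tol]. A sweep finds the
    region covered by the most intervals. If at least
    len(readings) - max_faulty replicas cover it, its midpoint is the estimate
    and every sensor whose interval misses that region is reported as suspect.
    """
    if not readings:
        raise NoQuorum("no readings")
    events = []
    for r in readings:
        events.append((r.value_c - r.tolerance_c, -1))  # interval opens
        events.append((r.value_c + r.tolerance_c, +1))  # interval closes
    events.sort()  # at equal offsets, opens (-1) sort before closes (+1)

    best = count = 0
    lo = hi = None
    for i, (offset, kind) in enumerate(events):
        count -= kind
        if count > best:
            # A new maximum always occurs at an opening, so a next event exists.
            best, lo, hi = count, offset, events[i + 1][0]

    if best < len(readings) - max_faulty:
        raise NoQuorum(f"only {best} of {len(readings)} sensors agree")

    suspects = sorted(
        r.sensor_id for r in readings
        if r.value_c + r.tolerance_c < lo or r.value_c - r.tolerance_c > hi
    )
    return (lo + hi) / 2, suspects


def heating_decision(readings, setpoint_c, max_faulty=1):
    """Controller step: (action, estimate, suspects); FAIL_SAFE without quorum."""
    try:
        estimate, suspects = fuse(readings, max_faulty)
    except NoQuorum:
        return "FAIL_SAFE", None, sorted(r.sensor_id for r in readings)
    action = "HEAT_ON" if estimate < setpoint_c else "HEAT_OFF"
    return action, estimate, suspects


def naive_decision(readings, setpoint_c):
    """Unprotected controller: trusts the plain average of all sensors."""
    return "HEAT_ON" if mean(r.value_c for r in readings) < setpoint_c else "HEAT_OFF"


# Constructed sample: three healthy replicas near 20 C, one bad replica at 5 C.
SAMPLE = [
    Reading("s1", 20.1, 0.5),
    Reading("s2", 19.8, 0.5),
    Reading("s3", 20.4, 0.5),
    Reading("s4", 5.0, 0.5),
]

if __name__ == "__main__":
    print("naive :", naive_decision(SAMPLE, setpoint_c=19.0))
    print("fused :", heating_decision(SAMPLE, setpoint_c=19.0))
```

With the constructed readings, the plain average is dragged below the setpoint by the single bad replica and the heating is switched on, while the fused controller keeps it off and names the outlier for investigation.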
The number of Internet-connected devices has exploded in recent years. In 2003, there were about 0.08 devices per person (6.3 billion people and 500 million connected devices), and by 2010 this ratio had risen to roughly 1.84 devices per person (6.8 billion people and 12.5 billion devices), with Cisco predicting up to 50 billion connected devices by 2020. This explosive growth of smart entities drives unprecedented data generation—the Big Data era—raising serious concerns about data storage, security, and privacy. By 2012, around 90% of the world’s data had been created in the preceding two years. As more devices come online, more sensors are deployed and objects become embedded with information, each with its own channels, methods, and data items that are vulnerable to abuse if not properly secured, thereby expanding the IoT attack surface.
Today's ecosystem of devices—smartphones, laptops and tablets, personal computers, cars, wearables such as smartwatches and Google Glass, as well as mobile sensors and even connected livestock—drives unprecedented device diversity and rapid change in the IoT landscape. This extreme dynamism presents a major challenge to IoT security and privacy, underscoring the need for robust, scalable security measures and comprehensive privacy protections across heterogeneous endpoints.
Mobile devices create a dynamic operating environment for the Internet of Things (IoT), as systems and data move rapidly across different contexts, intensifying challenges in access control, identity management, and device monitoring, along with automated decision-making within limited visibility and control. To transparently deliver services, mobile devices locally connect to nearby objects or gateways, while they must manage both access to the IoT infrastructure and services and contexts where communication is limited to nearby devices. Critical issues include mutual authentication, policy enforcement, and basic communication security, all of which must be addressed to maintain secure and seamless IoT interactions.
Fig. 3.2 Smart devices classification tiers
• Ubiquity and Pervasiveness: Anything, Anywhere, Anytime Could be a Smart Thing
Low-cost enabling technologies have driven widespread physical deployment of Internet of Things (IoT) systems. However, the ubiquity and increasing invisibility of IoT devices intensify concerns around identity management, monitoring, security, and privacy protection. Deploying IoT in less populated or hard-to-reach geographies complicates physical administration and ongoing maintenance. Insecure physical distribution of constrained devices increases the risk of compromise and unauthorized access. Due to network effects, the corruption of a single node can jeopardize the integrity of the entire information/control system. Moreover, the pervasive and invisible nature of IoT makes physical surveillance more challenging and raises the likelihood of privacy intrusion.
Device complexity in the Internet of Things is determined by processing power, storage capacity, and other available resources; as resources increase, so does complexity. The IoT encompasses a broad range of connected devices with varying levels of complexity, from high‑complexity systems like servers and personal computers to lower‑complexity, specialized devices such as sensors, and to highly constrained components like RFID tags. Figure 3.2 of [79] summarizes the classification of smart devices based on their complexity.
Figure 3.2 shows that low-complexity devices dominate numerically. Although lower complexity yields a smaller per-entity attack surface because each device has fewer channels, methods, and data items to consider, the total number of attack vectors for tier 1 and tier 2 devices remains large. The attack surface encompasses all entry points an attacker could exploit and all data-exfiltration paths. Even with just one attack vector per tier 2 system, compared to 14 attack vectors for a tier 3 Linux system, tier 2 devices collectively exhibit about 42% more attack vectors than tier 3 systems. Given their high resource constraints, low-complexity devices cannot support advanced security mechanisms, making them vulnerable to attacks that exploit weak defenses or scarce resources.
The vision of a “connected world” would require the cost of connectivity to be as low as possible. Peter Middleton, research director at Gartner, Inc., predicts that connectivity is becoming a standard feature by 2020, with processors costing less than $1 [12]. The low prices of computing devices would constrain resources available for system security, encryption methods, key size and distribution, and software updates [77, 79].
• Resource-Constraints, Heterogeneity, and Interoperability
Resource-constrained IoT devices represent a major security vulnerability, and achieving interoperability between these networks and broader Internet-scale systems remains challenging due to heterogeneity that complicates protocol design and operation. The IoT relies on lossy, low-bandwidth channels to connect nodes with limited CPU, memory, and energy, which makes designing robust security protocols difficult. In particular, small packet sizes—such as IEEE 802.15.4’s 127-byte physical-layer limit—can cause fragmentation of larger security messages, opening attack vectors like state-exhaustion on constrained nodes and bandwidth-exhaustion on 6LoWPAN. Fragmentation also degrades overall system performance because of fragment losses and the need for retransmissions.
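The state-exhaustion risk described above can be contained on the receiving node by capping reassembly state. The following is an added example, not code from the book: a parser for the RFC 4944 6LoWPAN fragment headers and a reassembly buffer with a global limit, a per-sender limit and a timeout. The limit values, the sender labels and the `make_fragments` helper are assumptions made for the illustration.

```python
import struct

FRAG1, FRAGN = 0b11000, 0b11100      # RFC 4944 fragment dispatch bit patterns


def parse_fragment(frame):
    """Return (datagram_size, datagram_tag, byte_offset, payload)."""
    if len(frame) < 4:
        raise ValueError("short fragment header")
    first, tag = struct.unpack("!HH", frame[:4])
    dispatch, size = first >> 11, first & 0x07FF
    if dispatch == FRAG1:
        return size, tag, 0, frame[4:]
    if dispatch == FRAGN and len(frame) >= 5:
        return size, tag, frame[4] * 8, frame[5:]   # offset is in 8-octet units
    raise ValueError("not a 6LoWPAN fragment")


class Reassembler:
    """Reassembly buffer whose memory use is capped regardless of traffic."""

    def __init__(self, max_datagrams=4, max_per_sender=1, timeout_s=5.0):
        # All three limits are assumed values chosen for the illustration.
        self.max_datagrams = max_datagrams
        self.max_per_sender = max_per_sender
        self.timeout_s = timeout_s
        self.pending = {}        # (sender, tag, size) -> [deadline, {offset: payload}]
        self.refused = 0         # fragments dropped because a limit was reached

    def receive(self, sender, frame, now):
        """Feed one frame; return the whole datagram once complete, else None."""
        # Expire stale partial datagrams first so abandoned state frees itself.
        self.pending = {k: v for k, v in self.pending.items() if v[0] > now}
        try:
            size, tag, offset, payload = parse_fragment(frame)
        except ValueError:
            return None
        if not payload or offset + len(payload) > size:
            return None          # fragment claims bytes beyond datagram_size
        key = (sender, tag, size)
        if key not in self.pending:
            held = sum(1 for k in self.pending if k[0] == sender)
            if len(self.pending) >= self.max_datagrams or held >= self.max_per_sender:
                self.refused += 1
                return None      # refuse new state instead of evicting or growing
            self.pending[key] = [now + self.timeout_s, {}]
        chunks = self.pending[key][1]
        chunks.setdefault(offset, payload)           # duplicates are ignored
        data = bytearray()
        for off in sorted(chunks):
            if off > len(data):
                return None      # gap: keep waiting until the deadline
            if off < len(data):
                del self.pending[key]
                return None      # overlapping fragments: discard the datagram
            data += chunks[off]
        if len(data) < size:
            return None
        del self.pending[key]
        return bytes(data)


def make_fragments(datagram, tag, chunk=96):
    """Build constructed test frames; chunk must be a multiple of 8."""
    frames = []
    for off in range(0, len(datagram), chunk):
        head = ((FRAG1 if off == 0 else FRAGN) << 11) | len(datagram)
        header = struct.pack("!HH", head, tag)
        if off:
            header += bytes([off // 8])
        frames.append(header + datagram[off:off + chunk])
    return frames
```

Because `datagram_size` is an 11-bit field, each pending entry holds at most 2047 bytes, so worst-case buffer memory is `max_datagrams` times that figure.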
Constrained IoT devices suffer from limited processing power that prevents the use of resource-intensive cryptographic primitives, such as public-key cryptography that underpins most Internet security standards. The lack of robust built-in defenses, combined with widespread and unsecured physical distribution of these devices, makes them easy targets for attacks like resource-exhaustion, firmware replacement, extraction of security parameters, and malicious substitution of devices. Once attackers compromise these smart objects, they can exploit their built-in services to disrupt or take control of the IoT ecosystem.
Threat Taxonomy
Proposed Taxonomy
This work proposes a novel, exhaustive taxonomy of IoT-related threats to map the evolving landscape of cyber risk as computing grows with the Internet of Things. Threats are classified by attacker motives and the harm they aim to inflict, yielding three broad categories: System Security Threats, Privacy Threats, and Reflective Trust and Reputation Threats (see Fig. 3.3). Under each category, the taxonomy develops specialized threat spaces based on multiple factors, enabling more precise threat assessment, impact analysis, and mitigation strategies for IoT deployments.
System Security Threats
In the context of the IoT, the term security encompasses a wide variety of concepts, essentially including the basic elements of confidentiality, authenticity, integrity, authorization, non-repudiation, and the availability of information and system resources, along with extended concepts such as duplicate detection and timeliness. Figure 3.4 outlines the objectives behind system security threats in the Internet of Things (IoT). Any activity—whether intentional or unintentional—that violates these protections and, in turn, compromises individual devices or the network as a whole should be considered a system security threat to the IoT.
[43] defines cyber maneuvers as “the application of force to capture, disrupt, deny, degrade, destroy, or manipulate computing and information resources.” Inspired by [79], we classify system security threats into three categories based on the objectives of cyber maneuver. The first category pertains to capture attacks, designed to gain control over (physical or virtual) systems to gain positional advantage, or to gain access to information to have exploitative intelligence advantage [43]. The second category is of attacks intended to disrupt, degrade, deny, or destroy the service. Such attacks confer competitive disadvantage on the victim. The third category comprises manipulation attacks, intended to influence the decision cycles of the victims [43].
Such a classification can aid in assessing the threat implications in the IoT. Figure 3.4 depicts this classification.
To delineate clearer threat spaces, we extend our analysis by identifying which basic security provisions could be violated by threats arising from the three defined classes. This approach, inspired by the methodology in [72], enables a targeted assessment of vulnerabilities by mapping potential attack vectors to the specific security controls they threaten, thereby guiding more effective mitigation strategies.
• Availability: Property assuring that data or services of the system are available at all times.
• Confidentiality: Property requiring all communications be intelligible by authorized principals only [46].
Integrity is the core principle of information security, ensuring that systems and information remain consistent, accurate, and trustworthy throughout their entire life cycle. It requires that these resources are not accessed or modified by unauthorized entities and that data in transit is not changed, preserving data integrity and preventing tampering [53].
• Authenticity: Property assuring that the data, transactions, communications, or documents (electronic or physical) are genuine, and all the entities in the system are who they claim to be [17].
• Authorization: Property assuring that each entity in and related to the system is doing what it is authorized to do [92].
Accountability, non-repudiation, and traceability mean the ability to uniquely link actions to the entity that caused them. This accountability enables non-repudiation, provides deterrence, supports fault isolation, strengthens intrusion detection and prevention, and facilitates after-action recovery and potential legal action [92, 221].
This threat category encompasses attacks that grant an adversary control over a physical or logical segment of the Internet of Things (IoT) infrastructure or access to information stored in the system. The attacker gains a positional or intelligence advantage to control the affected segment, potentially expanding influence across a larger portion of the infrastructure or obtaining business-critical or control-critical information. Capture attacks may not cause immediate damage, but they breach essential security requirements such as data confidentiality and authorized access. Moreover, unauthorized control or access increases the likelihood of more severe threats, including disruption, degradation, denial of service, or destruction of operations. IoT features that enable these threats include ubiquity, wide physical distribution, weak defenses of constrained devices, mobility, and interoperability.
Smart grid security faces significant privacy risks when a controller is compromised. If an attacker gains access to a smart grid controller, they could monitor detailed power consumption across a locality or even at the household level, revealing sensitive patterns. Exposing such private consumption data can open the door to misuse, enabling malicious actors to leverage household energy patterns for targeted attacks or fraud.
Direct threats to IoT systems are attacks designed to disrupt, degrade, deny service, or destroy the target, creating a competitive disadvantage for the defender. Capturing a system gives attackers an opportunity to disrupt, but a capture threat does not automatically imply a disruption threat; assessing disruption requires evaluating attacker opportunity alongside target resiliency and assurance. IoT characteristics that enable such threats include resource-constrained devices, insecure physical distribution, and mobility. Extending the capture-threat scenario, a disruption threat could involve a compromised smart grid controller being used to alter its behavior to disrupt power distribution, degrade the power supply, or even shut down the entire system.
The final category of system security threats focuses on influencing the target’s decision cycles. Attackers can employ several methods to affect the decision‑making capabilities of the target systems, potentially shaping outcomes by altering how information is processed and decisions are made.
The IoT decision cycle begins with data generation, and data manipulation before it enters the system can threaten overall operation. Even when the internal IoT environment is secured, security concerns persist when controllers act on incorrect sensor information. For example, a home central heating system relies on thermostats that measure local temperatures and periodically report them to a central controller that uses this data to regulate heating. If sensor data is distorted, the controller may adjust the heating output inappropriately, potentially lowering or raising the temperature in unintended ways. This scenario underscores how data integrity and trustworthy data sources are critical for reliable IoT decision-making and why safeguarding the data path is essential.
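The replicated-sensor measure mentioned earlier for this heating scenario can be sketched as follows. This is an added example, not code from the book: the controller fuses the readings of several thermostats in one zone by median vote, marks replicas that disagree as suspect, and holds its last command when too few replicas agree. Sensor ids, tolerance, quorum and hysteresis values are assumptions.

```python
from statistics import mean, median

# Assumed policy values for this illustration; the text gives none.
TOLERANCE_C = 2.0             # allowed deviation from the median per replica
MIN_AGREEING = 2              # replicas that must agree before acting
PLAUSIBLE_C = (-30.0, 60.0)   # readings outside this band are discarded
HYSTERESIS_C = 0.5            # switch-on margin below the setpoint


def naive_mean(readings):
    """Unprotected fusion, shown for contrast: one bad sensor shifts the result."""
    return mean(v for v in readings.values() if v is not None)


def fuse_readings(readings):
    """Fuse replicated thermostat readings for one zone.

    readings maps sensor id -> temperature in Celsius, or None when the sensor
    did not report this cycle. Returns (value, suspects); value is None when
    too few replicas agree, and suspects is the set of distrusted sensor ids.
    """
    suspects, usable = set(), {}
    for sensor_id, value in readings.items():
        if value is None or not (PLAUSIBLE_C[0] <= value <= PLAUSIBLE_C[1]):
            suspects.add(sensor_id)
        else:
            usable[sensor_id] = value
    if not usable:
        return None, suspects
    mid = median(usable.values())
    agreeing = {s: v for s, v in usable.items() if abs(v - mid) <= TOLERANCE_C}
    suspects |= usable.keys() - agreeing.keys()
    if len(agreeing) < MIN_AGREEING:
        return None, suspects
    return median(agreeing.values()), suspects


def heating_command(readings, setpoint_c, last_command):
    """Decide HEAT_ON / HEAT_OFF; keep the last command when fusion fails."""
    value, suspects = fuse_readings(readings)
    if value is None:
        return last_command, suspects        # fail safe: do not act on bad data
    command = "HEAT_ON" if value < setpoint_c - HYSTERESIS_C else "HEAT_OFF"
    return command, suspects
```

Median voting tolerates only a minority of faulty or compromised replicas; the returned suspect set is what a monitoring system would alert on.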
Moreover, IoT system decision cycles can be compromised by tampering with low-complexity components such as RFID tags and QR codes. Attackers may manipulate the embedded data, either by maliciously substituting tags or by altering the information stored on them, which can undermine data integrity and drive incorrect system decisions.
In later decision cycles, more aggressive attacks could be launched to influence the system’s decision‑making by targeting the entry points, such as sensors, where attackers might substitute devices or corrupt data. The risk also extends to the controllers of these entry‑point devices, which could themselves be compromised to steer their behavior and undermine the integrity of the system.
Data integrity is compromised when the data transmitted between two entities is tampered with due to unauthorized intervention, representing a final form of manipulation. Attacks such as man-in-the-middle, replay, and spoofing threaten data integrity by intercepting, altering, or impersonating information as it moves across networks.
Mitigating security threats in the Internet of Things (IoT) is exceptionally difficult because the large and growing population of devices, their widespread physical distribution, and their mobility all raise the risk that attacks go undetected. In addition, the IoT’s heterogeneity and interoperability, coupled with the need for extensive device-to-device intercommunication, widen the attack surface and elevate the likelihood of threats such as Man-in-the-Middle, Spoofing, and Replaying attacks.
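A receiver-side check against the tampering, spoofing and replay threats named above, as an added example that is not from the book. It uses a symmetric HMAC, which fits the constrained devices discussed earlier better than public-key primitives, together with a per-device message counter. The message layout, tag length, device ids and keys are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct

BODY = struct.Struct("!HIh")   # assumed layout: device id, counter, reading in 0.01 C
TAG_LEN = 16                   # assumed truncation of the HMAC-SHA256 tag


def seal(key, device_id, counter, reading_centi_c):
    """Sensor side: append an authentication tag to one report."""
    body = BODY.pack(device_id, counter, reading_centi_c)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Controller:
    """Controller side: accept a report only if it is authentic and fresh."""

    def __init__(self, keys):
        self.keys = dict(keys)                       # device id -> shared key
        self.last_counter = {d: 0 for d in self.keys}

    def accept(self, message):
        """Return (temperature_c, 'ok') or (None, reason_for_rejection)."""
        if len(message) != BODY.size + TAG_LEN:
            return None, "malformed"
        body, tag = message[:BODY.size], message[BODY.size:]
        device_id, counter, reading = BODY.unpack(body)
        key = self.keys.get(device_id)
        if key is None:
            return None, "unknown device"
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison; covers both altered bodies and wrong keys.
        if not hmac.compare_digest(tag, expected):
            return None, "bad tag"
        # A captured message resent later carries a counter already seen.
        if counter <= self.last_counter[device_id]:
            return None, "replay"
        self.last_counter[device_id] = counter
        return reading / 100, "ok"


# Constructed sample keys and device ids, for demonstration only.
SAMPLE_KEYS = {1: b"constructed-key-thermostat-1", 2: b"constructed-key-thermostat-2"}
```

The tag gives integrity and origin authentication only; the reading itself is sent in the clear, and the counter must survive device reboots for the replay check to hold.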
3.2.3.4 System Security Threat Space Specialization
Figure 3.5 indicates the basic security provisions that might be violated by the realization of a particular threat type.
Capture threats are largely passive in nature. Unlike the other two threat types, these threats do not affect the target system’s functioning but confer a positional advantage to the attacker. They primarily undermine confidentiality, authenticity, and authorization, and capture threats may also arise from accountability or non-repudiation issues.
Fig 3.5 System threat specialization
Privacy Threats
Privacy remains a central concern in the IoT, where ubiquitous connectivity creates ongoing privacy challenges. In 1890, Warren and Brandeis defined privacy as "the right to be let alone" [220], a time-tested concept that still holds value, yet the digital era has transformed its meaning. The public–private boundary has shifted over the past few decades due to multiple factors, but no single factor has driven this transformation as much as the Internet and mobile‑communication devices. As the Internet evolves into the Internet of Things, privacy must be broadened to cover not only personal privacy but also information privacy and physical privacy [98].
The growing popularity and utility of the IoT has fostered a Big Data explosion [3,
The vast data generated by the Internet of Things creates significant data-management challenges, demanding robust and scalable data-governance and analytics approaches. Effective data-management methodologies are essential to prevent the IoT ecosystem from devolving into a dystopian scenario by mitigating privacy risks and data misuse. Social networking platforms such as Facebook are already altering personal interactions and influencing employability, illustrating the real-world impact of online exposure. If these exposure opportunities are amplified many times over, the consequences could be dire for individuals and society at large.
Understanding privacy-first principles begins with clearly distinguishing privacy from security. Our focus on the outcomes of events can blur these concerns, making the line between privacy and security non-trivial. For example, many people don’t view giving a credit card number to a third party as a threat, but if that third party misuses the data by stealing or fraudulently charging, the issue becomes both a privacy breach and a security risk, prompting calls for protection. Although privacy and security are related, they must be identified and treated distinctly, since threats to one can trigger threats to the other. An unauthorized disclosure of credit card details is a privacy breach, and security threats arise when the third party uses the information to steal, disrupt, or manipulate the user’s account.
Similarly, an intrusion into an enterprise’s database server should be considered a security breach. Privacy threats would arise only if the intruder gains access to sensitive data, like employee details or customer profiles. While privacy violation actions like social engineering [215], wherein people are psychologically manipulated into divulging confidential information, might not involve any security threats, such a compromise of user privacy may culminate in some security threats. For example, theft of login credentials of a user through social engineering may lead to system capture, or even disruption and manipulation attacks.
Privacy entails both concealing personal information and controlling how that information is used. A privacy threat is a potential event in which sensitive data is exposed to entities—people, organizations, or artificial intelligence—that are not authorized or required to possess it. Such threats can manifest as sensitive data ending up in the wrong hands, or as an excess of data being held by an entity that is authorized to have it. Importantly, privacy threats do not always affect the actual owner of the data.
Based on the motive of exploitation, all privacy threats are found to comprise the following fundamental threat elements.
Action prediction threats arise when data collected by a privacy intruder is used to determine or forecast the data owner’s future actions. For example, analyzing a household’s power usage patterns can reveal occupancy, allowing an attacker to estimate when residents are home or away at different times of the day. These inferences show how seemingly ordinary data can expose sensitive routines, highlighting the privacy risks of smart home and utility data and the need for privacy-preserving analytics and data minimization.
Association threats occur when smart devices are linked to an individual. For example, purchasing a product with an EPC tag creates an association between the customer's identity and the item's electronic serial number, yielding a significant privacy risk. This linkage can be exploited in multiple ways, including covertly tracking the device owner.
• Preference Threats: Based on the identity of the devices owned/carried by an individual, predictions can be made about the taste/preferences and even financial status of the person.
Location privacy threats arise from location-based services, which offer numerous benefits to users as well as financial benefits to operators. However, the possibility of unauthorized disclosure of location information is a major concern and poses a serious threat to user privacy, underscoring the need for robust privacy protections, data minimization, transparent data practices, and user control over geolocation data.
Digital shadowing threats arise from the implicit visibility of a person, business, enterprise, or object within IoT networks and other digital records. A unique digital shadow is created by the smart devices connected to an entity, forming a fingerprint across devices and services. Digital shadowing leverages the association between devices, accounts, and activities to infer the identity and capabilities of an unknown entity. Consequently, adversaries can exploit this digital shadow to identify and track the subject without needing to know their real identity or sensitive details.
• Transaction Monitoring Threats: When tagged objects are moved from one entity to another, a transaction between the two individuals/associated entities can be inferred.
These fundamental threat elements combine to form the following more complex, real-life compound threats.
The Internet of Things (IoT) can be exploited by malicious actors to conduct unlawful surveillance, with interconnected devices potentially exposing far more information than intended. As smart, Internet-connected modules proliferate, unauthorized parties could gain access to sensitive data from everyday objects, compromising privacy on a broad scale. For example, attackers might spy on children through cameras embedded in toys, monitor people’s movements via sensors in smart shoes, and detect when household members enter or leave the home by infiltrating Internet-connected door locks and analyzing energy usage from smart meters (Figure 3.6).
Researchers have demonstrated that many of these security vulnerabilities can be exploited to carry out malicious activities on connected cars, medical devices, and smart-home systems [115, 89, 173]. In a Federal Trade Commission complaint against TRENDnet Inc., a manufacturer of wireless cameras that stream motion-captured video to devices, investigators found that nearly 700 cameras were hacked and their feeds exposed online, resulting in unauthorized recordings of infants in cribs, young children at play, and adults in daily activities [181, 16].
Undesired/Unlawful Surveillance Threats can be realized through one or many of the following threats: association threats, location threats, digital shadowing threats, and transaction monitoring threats.
Fig 3.6 Types of privacy threats
User profiling involves collecting, collating, and analyzing user data to identify, segregate, categorize, and make decisions about individuals. It is a powerful tool for marketing and research and can even assist security and law enforcement. Anonymized data from IoT devices can be used to build detailed profiles of device owners, and these profiles can be sold or used to deliver targeted advertisements based on behavioral, demographic, and psychographic attributes. While such targeted ads can help sellers reach the ideal consumer and help buyers discover the right product, they can also intrude into personal privacy. Dr. John Barrett illustrates the tension with a Bluetooth-enabled pacemaker: when it detects an arrhythmia, it notifies the phone and can alert emergency services, but the same system could display drug advertisements on the patient’s device or trigger real-time insurance notices about premium increases.
User Profiling Threats can be realized through one or many of the following threats: action threats, association threats, location threats, preference threats, and transaction monitoring threats.
The rapid integration of IoT into daily life heightens the risk that security or privacy breaches in businesses or individuals could have catastrophic consequences. Incidents where hackers penetrate a smart car’s operating system to misrepresent dashboard data—displaying incorrect speeds, altering fuel information, deploying airbags without a crash, or even turning the steering wheel while driving—demonstrate how vulnerabilities in connected devices can be exploited. Similar cases show intruders remotely controlling smart appliances such as refrigerators, heaters, and door locks, underscoring the frightening potential of unauthorized access to smart cars, smart homes, and other IoT ecosystems. These threats highlight the urgent need for robust IoT security and privacy protections across all connected devices.
Persistent Footprints describe the concept that as individuals accumulate smart devices, organizations build an item database linked to their identity within corporate information systems. This association can persist long after the object is discarded, creating lasting traces that continue to identify and profile the person. Consequently, even disposed devices may leave data remnants in enterprise records, influencing inventory management, device lifecycle decisions, and data retention policies. The phenomenon raises privacy and security concerns, highlighting the need for clear data minimization, user consent, and robust controls to govern retention, access, and deletion of these enduring records.
Footprint threat refers to the potential misuse of discarded smart objects to conduct malicious acts, with the misused device carrying only the original owner's identity and creating a gap in accountability that complicates law enforcement efforts. This weak traceability underscores the need for secure device decommissioning, proper lifecycle management, and forensic-ready disposal to ensure responsible ownership and enforce accountability.
3.2.5 Reflective Trust and Reputation Threats
Securing the Internet of Things
Security and privacy are the primary constraints shaping the adoption of IoT, with Figure 4.1 from [179] capturing security professionals’ views on IoT security. As noted by [213], security and privacy were not part of the original Internet design, and their importance has been viewed as declining over time, yet the evolution into IoT has brought numerous security and privacy issues that are often addressed with patches. Consequently, security and privacy are frequently treated as augmented features rather than core requirements. The vulnerabilities of IoT, discussed in Section 3.1, necessitate integrating security and privacy into the very design of the IoT. Beyond a technological model for security and privacy, creating a truly secure IoT ecosystem also requires reconsideration of governance, economics, and social ethics. The book identifies four broad domains of action deemed vital for building an effective, secure, reliable, robust, and safe IoT ecosystem.
• Making the IoT more secure and private