A Systematic Literature Review on the Security Challenges of Internet of Things and their Classification

Khadija Fazal


The Internet of Things (IoT) is an emerging technology. IoT aims to connect devices and people to the internet, but this brings security and privacy threats, and security is always critical to software products. This paper conducts a systematic literature review (SLR) to identify the security challenges in three aspects of IoT, i.e. devices/hardware, networks, and cloud/server-side; the available solutions to those challenges; the limitations of those solutions; and existing solutions that address those limitations. The results are then categorized so that existing solutions can be used efficiently and effectively, and to pave the way for future research to propose new solutions.





