2018 International Conference on Advanced Science and Engineering (ICOASE), Kurdistan Region, Iraq

Internet of Things Security: A Survey

Riyadh Qashi
Mohammed A.M.Sadeeq Subhi R. M. Zeebaree
Leipzig University
Quality assurance Technical Informatics College
Leipzig, Germany
Duhok Polytechnic University Duhok Polytechnic University
riyadh.qashi@htwk-leipzig.de
Duhok, Iraq Duhok, Iraq
mohammed.abdulrazaq@dpu.edu.krd subhizebari.akre@gmail.com

Sarkar Hasan Ahmed Karwan Jacksi

Sulaimany Polytechnic University Computer Science Dept.
University of Human Development Univesrity of Zakho
Sulaimni, Iraq Zakho, Iraq
sarkar.ahmed@spu.edu.iq Karwan.Jacksi@uoz.edu.krd

Abstract— Internet of Things (IoT) is a huge number of objects (RFID), sensors, and etc. In addition, each IoT devices has a
which communicate over a network or the Internet. These objects unique identifier that allows these devices to communicate with
are a combination of electronics, sensors, and a software to control each other over the Internet automatically, they can make
the way of working other parts of the object. Each object generates decisions without the human assistant[3].
and collects data from its environment using sensors and transfers
them to other objects or a central database through a channel. IoT Technology can be seen in many different applications
Keeping this generated data and its transformation is one of the and it makes networking smarter and more sophisticated. With
biggest challenges in IoT today and it is one of the biggest concerns the growth of the number of IoT devices and applications, a
of all organizations that they use the IoT technology. In this paper, variety of security approaches should be used to make them
the most crucial researches related to security in the IoT field have more robust and resistant against different attacks. On the other
been reviewed and discussed while taking account of the great hand, because of the limitation of the resources within the IoT
power of the Quantum Computers. Significant attributes of these devices such as processing power, energy limitation, and
studies are compared. IoT security ranges from the software layer memory limitations, it is challenging to implement an
security, board and chip, vulnerable cryptography algorithm, encryption algorithm in the IoT system. The challenging part is
protocol and network security, social engineering, malware like implementing a light and quick cryptography algorithm with the
(viruses, ransomware, trojan horses). Due to a variety of IoT provision of the highest level of security. Furthermore, the
devices and the rapid emergence of new devices, it is difficult to
optimization on the algorithms should not degrade the
measure the security of IoT systems and identify risks and
robustness of the system like previous versions of algorithms on
vulnerabilities.
a computer with more resource[4, 5]. The IoT dominated the
Keywords— Internet of Things, IoT attacks, Cyber privacy, data world of technology more than only data exchange, it also plays
security, security safeguards. an important role in the physical world. In a near future, there
will not be any place for marketing devices that are not
connected to the Internet. Also, it is predicted that IoT devices
I. INTRODUCTION will dominate several trillions of world’s economies by 2020.
The fast growth of various electronic devices connected to However, the IoT security issues are remaining unsolved. As the
the Internet is way a good enough proof of the Internet of Things father of security, Bruce Schneider from Harvard University and
technology. Thermostats and HCAC (Heating, Ventilation, and chief technology officer of IBM Resilient, said that, IoT device
Air Conditioning) that controls and monitors the heating/cooling manufacturers are continuing with producing cheap devices
systems of smart houses are instances of such technology. IoT without thinking about enhancing their security. The attacks of
has major roles in human life that can solve and facilitate many the Ukraine power grid, where the IoT technology has been used
other situations of humanity, and it helps us to live a better life. to control lightings, clearly tell us that it could make human
These applications embrace smart car, to nature ruins that may being life darker by malicious users. Even from the researchers’
cause by nature itself or man-made[1]. IERC defines IoT as a perspectives, they only tried to show the vulnerabilities of IoT
dynamic worldwide network infrastructure that able to configure security without taking care of the great power of quantum
themselves automatically depending on ordinary computing that should be taken as a consideration[5].
communication protocols whereas virtual and real objects are In this era, many types of researches have been done on the
identified, physical peroperties, and virtual features, use smart security of embedded systems, such as Wireless Sensor
interfaces and are seamlessly integrated into the information Networks (WSNs), since it is widely used in the quickly growing
network[2]. IoT systems. Using asymmetric cryptography is essential to
IoT combines different technologies, for instance, secure data communication, but it is difficult to apply it on IoT
smartphones, home appliances, Radio Frequency IDentification systems since it requires too many resources. Using complex

978-1-5386-6696-8/18/$31.00 ©2018 IEEE 162

 2018 International Conference on Advanced Science and Engineering (ICOASE), Kurdistan Region, Iraq

encryption algorithms in IoT systems lead to overheating the microcontrollers that are AVR-based and MSP430. The speed
hardware, slow processing, time consuming, and extreme power of the execution of the algorithm can be aligned by changing the
consumption, therefore, these algorithms are not suitable for values of (meticulous optimization) and (hybrid selection of
such systems. A state-of-the-art specification of the WSNs is an curve models) and its group arithmetic. Their proposed system
8-bit or 16-bit microcontroller with the frequency of up to 10 can accept both Montgomery and twisted Edwards curves on
MHz, few kilobytes of RAM, and a 256-kilobytes of secondary two different versions that are high-speed and memory-efficient,
memory to hold the executable program. Besides, the processing that can be chosen based on energy consumption or memory
power limitations in IoT systems and the constraint of energy consumption. However, their work is inspired by an early
are other challenging points that should be considered during research on AsiaCCS 2015[9], but they added some
cryptography algorithms’ implementation. Usually, WSNs run contributions in their work. The following are their summarized
on two AA sized batteries for months or years without contributions:
recharging or replacement[6].
• an efficient MoTE curves algorithm in the microcontroller
In recent years, working practically on a quantum computer for IoT purposes is used. This idea comes from the new
is one of the ten innovation technologies. The well-known cohort of ECC standards curves, Curve P159, P191, P223
companies like Google, IBM, Intel, Microsoft, and NTT invest and P255 are selected as a lightweight EC, for different
to produce the first general-purpose quantum computer that has levels of security in IoT applications. This algorithm got
the highest specification of 72 qubits, and specialized processor benefits from emerging Montgomery and twisted Edwards
with the specification of 2048 qubits[7]. Simultaneously, too curves. Then two versions of this algorithm are generated
much effort has been put to create a language for programming
to tune the required performance and security using
quantum computers and some of the projects currently exist for
instance (OpenQASM by IBM), (Q# by Microsoft)[8], software (compact curve parameters).
development kits (SDKs) like (QISKit by IBM), quantum • The proposed algorithm solved the biggest problem in IoT
computing simulator like (QuTip and Open Fermion), cloud- systems that is resource limitation. Two different types of
based quantum computing services like (IBM Q Experience) this algorithm are implemented: high-speed program and
that allows programmers to run their code over the Internet using memory efficient program. The first one requires more
quantum processor for scientific experiments and educational program code and more resources for the execution, while
purpose. However, there are many unsolved problems in the second one is slower and requires fewer resources. Both
quantum computers, but it can be assumed as a revolutionary era algorithms are real-time and can defense against SPA and
of processing power. It also burst many vulnerabilities in Timings attacks. The ECC algorithm is re-developed and
cybersecurity and more precisely for IoT systems with all its optimized on MICAz and Tmote Sky nodes. It accepts the
resource limitation[7]. verification of ECDSA and ephemeral ECDH.
The idea of decentralized data processing and storage is a • Finding a better approach to measure energy consumption
new subject for researchers. Blockchain plays a great role in this in IoT System. There are a few research on the assessment
way. Internet of Things can take advantages of the benefits of of energy consumption for cryptographic algorithms. But
blockchain to provide a better security in general and data in their work, they developed a new approach for energy
integrity in specific. Usually, connecting this blockchain to IoT consumption evaluation for encryption processing cost
systems require implementing of smart contracts, edge depending on performance, communication cost between
blockchain nodes and the IoT System configurations[8]. objects in the IoT environment. That could be useful for
further researches and readers of this paper.
The objectives and motivations of this prepare are
introducing the IoT, showing its importance in this era, doing a
survey on IoT security, reviewing the latest important researches Zhou, R., et al, [10], they produced an industrial system in a
related to IoT Security. form of a file-centric framework, and it dramatically reduces the
cost of data encryption by avoiding pairing computations. The
The rest of this work is organized as the following. IOT and summarization of their contributions is shown below:
IOT security is revised in section two. In section three all
mentioned and reviewed researches are compared and • A new technique is proposed for attacking Cui’s Multi-key
discussed. Finally, in section four the conclusion of this work is aggregate searchable encryption. In this attack, the
presented. malicious user can find an authorized users’ passkey from
the unauthorized internal user’s passkey.
II. IOT AND IOT SECURITY SURVEY
To reduce the disadvantages of Cui’s Scheme, a new
In the last few years, many researchers addressed the formalized definition is introduced for file-centric aggregate
security problems and their solutions in IoT systems. In this keyword searchable encryption (Fc-MKA-KSE) that is possible
section of this paper, the crucial points of some of the newest to be implemented in IoT System for data sharing purpose and
researches will be addressed. authenticated searching for data. They generated two different
Liu, Z., et al, [6], in their research implemented a light security algorithms for Fc-MKA-KSE system, the first one can
version of the elliptic curves suitable algorithm that is continent record the key cyphertext i.e. the indistinguishability against
for IoT systems, they could maintain the high performance with selective file chosen keyword attack (IND-sF-CKA), and the
robustness in the algorithm and tested on two different

163
 2018 International Conference on Advanced Science and Engineering (ICOASE), Kurdistan Region, Iraq

other records the trapdoor privacy, i.e. the indistinguishability

against selective-file keyword guessing attack (IND-sFKGA).
• A keyword was created in IoT Systems for searchable
encryption scheme in the file-centric framework. After
that, the proposed algorithm assesses the performance.
Based on the assessment, the system will decide
whether it can compute the ciphertext and trapdoor on
the sensor or not.

Fig. 1. shows the smart IoT applications.

El-Latif, A.A.A., et al, [7], represented a framework for

quantum steganography with considering the complexity of a
quantum computer, XOR Operations, gray code, hashing to
protect data in fog cloud IoT Technology. It is because the
security of confidential data requires more attention in the
current data communication, especially in both technologies
cloud and IoT technologies. As a result, choosing security
schemes to be applied in such systems needs more attention and
care. Quantum networking and/or quantum states are not used in
this proposed protocol, it is only to convey confidential data or
to the verification purpose. To make sure that the proposed
protocol is secure, hash functions are applied. Finally, after
Fig. 2. Shows the design of the framework applying the most well-known attacks on the proposed quantum
steganography algorithm, results declared that the performance
Cheng, C., et al, [11], they tried to concentrate on the state- and the security of it are robust.
of-the-art of the latest improvement in the field of quantum
cryptography for protecting the IoT System. The great Elhoseny, M., et al, [12], represented the combination of
improvement that happened in the resent years in the quantum cloud computing and IoT model in ehealth area can create many
computing cause to alert of needs to generate an approach for opportunities to medical IT, specialists who think that will help
protecting communications between IoT Devices. They healthcare sector improvement and this will help in new
described the influence of the quantum computer power on inventions related to big data, for example, industry 4.0
cybersecurity and especially on cryptography algorithms that are programs. In their work, a new paradigm is explained for
currently common to use, then they proposed suggestions for optimizing virtual machines in IoT-cloud health care systems to
having better cryptography algorithms that can resist against competently handle a huge data in this application. Big data is
both quantum and classical computer power. Finally, they processed and analyzed using the Industry 4.0 program, this
proposed and implemented a quantum-resistant algorithm for huge amount of data is generated from a variety of sources, for
IoT Devices with their resource limitations. In conclusion, instance, sensors, without human interaction.
however, they implemented a quantum-resistant cryptographic The proposed paradigm decreased the execution time for
scheme for IoT devices, but more challenges on the way of IoT stakeholders, reduced and reorganized the patients’ bigdata
Technology to start working with the quantum power. storage, and a mechanism for real-time data retrieval for the sake
Xu, R., et al, [5], started by introducing the data security and of performance enhancement in the healthcare field. They
the influence of the quantum processor. Then they recommend divided their proposed IoT-cloud architecture into four major
implementing a lattice-based algorithm for IoT Systems and elements, that are: the devices of the stakeholders, the tasks of
resist against quantum power. Then, they went deeper and the stakeholders, cloud broker and the administrator of the
represented a comprehensive analysis of the state-of-the-art network. Three optimizers have been used for implementing the
implementations of the lattice-based algorithm on resource virtual machines of the proposed paradigm which are (Particle
limited devices like IoT Devices, following a high-level of swarm optimizer (PSO), Genetic Algorithm (GA), and Parallel
analysis of the lattice-based algorithm. In conclusion, opinions Particle swarm optimization (PPSO). A fitness function is
are shared based on current contests and future findings proposed to compute the stakeholders’ request execution time,
regarding the uses of the mentioned algorithm in IoT Systems. and it is based on three criteria that are CPU utilization, turn-
The following diagram shows the different applications of IoT. around time and waiting time. In conclusion, the result of this

164
 2018 International Conference on Advanced Science and Engineering (ICOASE), Kurdistan Region, Iraq

this work is saving time, saving cost, shorter time for application existing models. Finally, the results confirmed that the proposed
development. model is more efficient than the existing models.
Yi, H., et al, [13], in this work an effectual scheme is
proposed depending on side channel analysis of Unbalanced Oil III. COMPARISON AND DISCUSSION
and Vinegar (UOV) with a security level of more than 80 bits. From the previous section, it can be concluded that
The Xilinx ISE software is used with Verilog-HDL code on researchers have worked in different fields using various tools
Sakura-G FPGA board for UOV signature implementation, and algorithms. Researchers illustrated significant points related
hence, 350 MHz Keysight’s oscilloscope (DSOX3034T) is used to the valuation of their proposed approaches.
as the power collection. They attacked the model using side
channel attacks that implemented on a cloud-based IoT system, Table I represents a comparison among the researches explained
as the result, all the UOV secret keys have been recovered in section II. The comparison includes four main features that
successfully. satisfy their trends in order to verify the aims drawn through
their approaches in IoT security field. From the table, it is clear
Qiu, L., et al, [14], they concentrated on access control of that references [5, 6, 12, 17]depended directly on security
confidential information in healthcare based on uses of quantum algorithms without using specific tools. While reference [14]
signature. And their proposed scheme is more representative used tools without the need for famous algorithms. In another
then previous schemes of the same area. The security of the hand, the rest six references used both tools and security
proposed model is absolute also can be simply by using current algorithms to illustrate their works.
resource and technologies. It is observed that designing and
creating a quantum protocol is much simpler than producing a Zhou, R., et al, [10], approach highlighted an Fc-MKA-KSE
quantum computer. Nowadays, devices for quantum key system for IIoT data sharing and authorized data searching by
distribution are sold by profitable companies and they should applying Keygen algorithm that used IND-sF-CKA and IND-
develop models of technologies that are the same as the sF-KGA tools in Industrial field.
technologies required for quantum key distribution. Finally, they Cheng, C., et al, [11], provided a Cryptosystem algorithm
suggest concentrating on the applications of the new model on that utilizes quantum resistant for securing communication in
confidential data communication and take it to a new step in this the IoT depending on Public and private key in the commercial
field. field.
Yi, H., et al, [15], they worked on a security level greater El-Latif, A.A.A., et al, [7], depended on XOR gray code with
than 80 bits of the rainbow, and MQ cryptographic schemes by hash function tools that been built based on Fog cloud IoT
doing the physical analysis. They performed the attack by using model. They proposed a new approach for IoT security in the
the combination of differential and fault analysis. Xilinx ISE industrial field and produced a new framework for secure
software and Verilog-HDL code are used to implement the quantum steganography in fog cloud IoT.
rainbow signature schemes on SAKURA-G FPGA. 350 MHz
Keysights oscilloscope (DSOX3034T) used as an accumulated Yi, H., et al, [13], addressed an efficient algorithm based on
power. The result of this work shows the significant of securing side channel analysis of (UOV) using on Sakura-G, FPGA
multivariate signature on medical systems as secret keys of the board, Xilinx ISE software tools.
rainbow signature could be hacked successfully. Yi, H., et al, [15], based on Sakura-G, FPGA board and
Yan, Y., et al, [16], discussed the research literature of Xilinx ISE software tools for a security of MQ cryptographic
signature summarized and cloud storage, they also done some system. This system has been modeled using ECC and RSA
enhancement in these models. This new model, the lattice-based algorithms. The validity related to presenting a physical analysis
signature is used for the cloud storage application that can resist of Rainbow with a security level equal to and greater than 80
better against attacks from quantum computers, and its bits. Yan, Y., et al, [16], used an oracle tool to produce a new
algorithm is enhanced to be even stronger. Then, a third-party scheme for efficiency improvement and maintaining data
audit verification is created by joining the first application with security.
Bloom Filter, that does not require the confirmation of a A novel lattice-based secure cryptosystem been proposed by
collection, but to confirm the vector, as a result, it enhances the Chaudhary, R., et al, [17], for smart healthcare (LSCSH) using
efficiency much better. In their research, they combined cryptography algorithm applied in the healthcare field.
different techniques like cloud storage, related to basic
knowledge, and lattice signature. The output of this work is
investigating security and correctness of the model and its TABLE I. AN OVERVIEW OF SECURITY OF INTERNET OF THINGS

performance. The integrity of data in this model is verified and Researcher Applied Used Security Significant Satisfied
introduced in detail. Field Tools algorithms Aims

A model of lattice-based cryptosystem is proposed by MOTE-ECC,

emerging family of
Chaudhary, R., et al, [17] for an intelligent healthcare (LSCSH) Liu, Z., et al, Health lightweight elliptic
----------- cryptography-
[6] Care curves suitable
system that works with intelligent cities. An authentication RSA
for IoT
mechanism and a lightweight key exchange are used multiple
times in LSCSH. This new model was assessed based on
computation cost and communication cost and compare to other

165
 2018 International Conference on Advanced Science and Engineering (ICOASE), Kurdistan Region, Iraq

Fc-MKA-KSE system steganography in fog cloud IoT, algorithm based on side channel
IND-sF- analysis of (UOV), and novel lattice-based secure cryptosystem
for
Zhou, R., et CKA,
al,[10]
Industrial
IND-sF-
Keygen IIoT data sharing and for smart healthcare (LSCSH).
authorized data
KGA
searching
REFERENCES
quantum [1] Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., and Ayyash,
resistant algorithms M.: ‘Internet of things: A survey on enabling technologies, protocols, and
Cheng, C., Public &
Commercial Cryptosystem for securing applications’, IEEE Communications Surveys & Tutorials, 2015, 17, (4),
et al,[11] private key
communication pp. 2347-2376
in the IoT
[2] Shinde, G., and Olesen, H.: ‘Interaction between users and IoT clusters:
Moving towards an Internet of People, Things and Services (IoPTS)’, in
lattice-based
Cryptography, Editor (Ed.)^(Eds.): ‘Book Interaction between users and IoT clusters:
Xu, R., et al, cryptography is a
Industrial ---- quantum Moving towards an Internet of People, Things and Services (IoPTS)’
[5] proper choice for
computers (2015, edn.), pp.
smart IoT
[3] Liu, Z., Großschädl, J., Hu, Z., Järvinen, K., Wang, H., and Verbauwhede,
I.: ‘Elliptic curve cryptography with efficiently computable
(XOR), a new framework for endomorphisms and its hardware implementations for the internet of
El-Latif,
gray code, secure quantum things’, IEEE Transactions on Computers, 2017, 66, (5), pp. 773-785
A.A.A., et Industrial Fog clout IoT
the hash steganography in fog
al, [7]
function cloud IoT [4] Zeebaree, S.R., and Jacksi, K.: ‘Effects of Processes Forcing on CPU and
Total Execution-Time Using Multiprocessor Shared Memory System’
proposes a new model [5] Xu, R., Cheng, C., Qin, Y., and Jiang, T.: ‘Lighting the Way to a Smart
for Cloud-IoT based World: Lattice-Based Cryptography for Internet of Things’, arXiv
Elhoseny, preprint arXiv:1805.04880, 2018
Health (GA), (PSO), health
M., et al, ---------- [6] Liu, Z., Huang, X., Hu, Z., Khan, M.K., Seo, H., and Zhou, L.: ‘On
services (PPSO) service applications in
[12] emerging family of elliptic curves to secure internet of things: ECC comes
integrated industry
4.0 environment of age’, IEEE Transactions on Dependable and Secure Computing, 2017,
14, (3), pp. 237-248
Sakura-G, [7] El-Latif, A.A.A., Abd-El-Atty, B., Hossain, M.S., Elmougy, S., and
present an efficient Ghoneim, A.: ‘Secure quantum steganography protocol for fog cloud
FPGA
Yi, H., et al, algorithm based on Internet of Things’, IEEE Access, 2018, 6, pp. 10332-10340
Industrial board, (UOV)
[13] side channel analysis
Xilinx ISE [8] Gaj, K.: ‘Challenges and Rewards of Implementing and Benchmarking
of (UOV)
software Post-Quantum Cryptography in Hardware’, in Editor (Ed.)^(Eds.): ‘Book
Challenges and Rewards of Implementing and Benchmarking Post-
Quantum Cryptography in Hardware’ (ACM, 2018, edn.), pp. 359-364
Qiu, L., et quantum propose quantum [9] Atzori, M.: ‘Blockchain-based architectures for the internet of things: a
Healthcare -----
al, [14] signature signature protocols survey’, 2017
[10] Zhou, R., Zhang, X., Du, X., Wang, X., Yang, G., and Guizani, M.: ‘File-
centric Multi-Key Aggregate Keyword Searchable Encryption for
Sakura-G, present a physical Industrial Internet of Things’, IEEE Transactions on Industrial
FPGA analysis of Rainbow Informatics, 2018
Yi, H., et al,
Healthcare board, ECC, RSA which has a security [11] Cheng, C., Lu, R., Petzoldt, A., and Takagi, T.: ‘Securing the Internet of
[15]
Xilinx ISE level of not smaller Things in a quantum world’, IEEE Communications Magazine, 2017, 55,
software than 80 bits (2), pp. 116-120
[12] Elhoseny, M., Abdelaziz, A., Salama, A.S., Riad, A., Muhammad, K., and
New scheme Sangaiah, A.K.: ‘A hybrid model of internet of things and cloud
cloud storage,
proposed efficiency computing to manage big data in health services applications’, Future
Yan, Y., et Bloom Filter,
Industrial oracle improved, Generation Computer Systems, 2018
al, [16] lattice
maintaining data [13] Yi, H., and Nie, Z.: ‘Side-channel security analysis of UOV signature for
signature
security cloud-based Internet of Things’, Future Generation Computer Systems,
propose a novel 2018
Chaudhary, lattice-based secure [14] Qiu, L., Cai, F., and Xu, G.: ‘Quantum digital signature for the access
R., et al, Healthcare ----- Cryptography cryptosystem for control of sensitive data in the big data era’, Future Generation Computer
[17] smart healthcare Systems, 2018
(LSCSH)
[15] Yi, H., and Nie, Z.: ‘On the security of MQ cryptographic systems for
constructing secure Internet of medical things’, Personal and Ubiquitous
IV. CONCLUSION Computing, 2018, pp. 1-7
From the comparison step applied in section III, we can [16] Yan, Y., Wu, L., Gao, G., Wang, H., and Xu, W.: ‘A dynamic integrity
investigate that active approaches have been produced and verification scheme of cloud storage data based on lattice and Bloom
significant of these works extracted from the style of problem filter’, Journal of information security and applications, 2018, 39, pp. 10-
18
manipulation. There is a number of active algorithms that have
[17] Chaudhary, R., Jindal, A., Aujla, G.S., Kumar, N., Das, A.K., and Saxena,
an important role in the security of IoT fields such as RSA N.: ‘LSCSH: Lattice-Based Secure Cryptosystem for Smart Healthcare in
cryptography, quantum computers, MOTE-ECC, and Fog clout Smart Cities Environment’, IEEE Communications Magazine, 2018, 56,
IoT. Also, there are powerful tools used in this field such as (4), pp. 24-32
IND-sF-CKA, Oracle, hash function, and FPGA board. Hence,
efficient IoT security algorithms, or systems been produced such
as Fc-MKA-KSE system, new framework for secure quantum

166