Information Systems

Internet of Things 11 (2020) 100227

Contents lists available at ScienceDirect

Internet of Things

journal homepage: www.elsevier.com/locate/iot

Review article

Survey on IoT security: Challenges and solution using

machine learning, artificial intelligence and blockchain

technology

Bhabendu Kumar Mohanta a , ∗, Debasish Jena a , Utkalika Satapathy a , Srikanta Patnaik b

a Department of Computer Science & Engineering, IIIT Bhubaneswar, Odisha 751003, India b Department of Computer Science and Engineering, SOA University, Bhubaneswar 751030, India

a r t i c l e i n f o

Article history:

Received 24 January 2020

Revised 8 May 2020

Accepted 12 May 2020

Available online 20 May 2020

Keywords:

IoT

Security

Machine learning

Artificial intelligence

Blockchain technology

a b s t r a c t

Internet of Things (IoT) is one of the most rapidly used technologies in the last decade

in various applications. The smart things are connected in wireless or wired for commu-

nication, processing, computing, and monitoring different real-time scenarios. The things

are heterogeneous and have low memory, less processing power. The implementation of

the IoT system comes with security and privacy challenges because traditional based ex-

isting security protocols do not suitable for IoT devices. In this survey, the authors initially

described an overview of the IoT technology and the area of its application. The primary

security issue CIA (confidentially, Integrity, Availability) and layer-wise issues are identi-

fied. Then the authors systematically study the three primary technology Machine learn-

ing(ML), Artificial intelligence (AI), and Blockchain for addressing the security issue in IoT.

In the end, an analysis of this survey, security issues solved by the ML, AI, and Blockchain

with research challenges are mention.

© 2020 Elsevier B.V. All rights reserved.

1. Introduction

Internet of Things (IoT) is a network of smart things that share information over the internet. The smart things are used

to deploy in a different environment to capture the information, and some events are triggered. The applications of IoT is a

smart city, smart home, Intelligent transportation system, agriculture, hospital, supply chain system, earthquake detection, a

smart grid system. As per CISCO estimated, the IoT devices connected will be 50 billion at the end of 2020. The grown of IoT

devices is rapidly changing as it crosses the total world population. The data generated by the IoT devices are enormous. In

traditional IoT, architecture is three types physical, network, and application layer. In the physical layer, devices are embed-

ded with some technology which way they sense the environment and also able to connect in wired or wireless to the other

device. Like in the smart home system fridge can place an order automatically to the registered retailer whenever the fruits

chamber empty it, and notification will be sent to the home users. The similarity in smart hospital patients can monitor in

an emergency through sensors and corresponding computing devices. As the sensors are low-end devices, less computation

power, and have heterogeneous properties. Implementation of IoT comes with lots of challenges. The standardization, inter-

operability, data storage, processing, trust management, identity, confidentiality, integrity, availability, security, and privacy

∗ Corresponding author. E-mail addresses: [email protected] (B.K. Mohanta), [email protected] (D. Jena), [email protected] (U. Satapathy).

https://doi.org/10.1016/j.iot.2020.100227

2542-6605/© 2020 Elsevier B.V. All rights reserved.

2 B.K. Mohanta, D. Jena and U. Satapathy et al. / Internet of Things 11 (2020) 100227

Table 1

Related surveys work on IoT security.

Reference paper Year Contribution

Jing et al. [3] 2014 The security issue of three layers of IoT and its corresponding solution are surveyed in this paper.

Ngu et al. [4] 2016 The IoT middleware based architecture is proposed and explained each layer details. The authors also described

the adaptability and security issues in the IoT middleware system.

Mosenia et al. [5] 2016 The authors in this survey explained the reference model and security threads present on the edge side of the

model. The paper also reviewed the countermeasure to address the possible solutions.

Lin et al. [6] 2017 The paper initially described the IoT and Cyber-Physical Systems (CPS) integration. The security and privacy

issues survey in detail. The edge/fog computing integration with IoT is also explained in this survey paper.

Yang et al. [7] 2017 The paper has done a survey on security and privacy issue on IoT applications and systems. The authors

reviewed the authentication protocol in the IoT system. The challenging security issue in four-layer architecture

based IoT application are explained in details.

Alaba et al. [8] 2017 The authors in this survey investigated the state of art security issues in IoT applications. The threats and

vulnerability of the system in terms of communications, architecture, and applications are extensively reviewed.

the paper concludes with the solution approach for different security issues.

Grammatikis et al. [9] 2018 The paper provides a detailed study of IoT security layer-wise. The suitable countermeasure and potential

threats model are discussed in detail.

Das et al. [10] 2018 The authors in this paper investigate the security and threat model in IoT applications. The paper mentioned

some of the issues in IoT systems like authentication, trust management, and access control. Some solution

approach was also addressed.

Di Martino et al. [11] 2018 This paper reviewed the different standardized architecture of IoT systems and the current solution approach in

terms of Security and Interoperability are explained.

Hassija et al. [12] 2019 The authors of this paper reviewed the security and threat in IoT applications. The different solution approach

using machine learning, fog computing, edge computing, and Blockchain was proposed.

Proposed paper 2020 The authors in this paper initially identified the necessary Infrastructure, Protocol, Application of the IoT

system. Then security issue is identified in the IoT model. Some emerging technique which can be used to solve

the security issues in IoT is identified. After a rigorous survey, the authors found that machine learning,

Blockchain, and Artificial intelligence are the current solution approach to solve the Security issue in IoT.

are some of the open challenges in various IoT applications [1] . The IoT is one of the most emerging technologies in the last

decade and its uses in numerous applications area. Security and privacy are still challenges in many applications area. Some

research work addressing security and privacy issue in IoT is already done. But as the new technology comes, which can ad-

dress so of the security issue in IoT. So in this work, authors have identified three leading technologies like ML, Blockchain,

and AI, which address different security issues.

1.1. Objective and contribution

The main objective of this survey is to find out the security and privacy challenges that exist in IoT applications. The

authors also identified some emerging technology that can address security issues present in the system. Here the main

goal is to find the research challenges and corresponding solution approach in IoT security.

The following are the contribution of the paper:

• The paper explained the IoT architecture and its enabling technology with challenges. • The security issues in the IoT system are identified as in-depth layer-wise. • An extensive survey on similar technologies like machine learning, artificial intelligence, and Blockchain technology inte-

gration with IoT security are performed.

• The research challenges and corresponding solution approach with emerging technology (ML, AI, Blockchain) are also explained.

1.2. Paper organization

The rest of the paper organized as in Section 2 related work of security and privacy issues of IoT are identified, and

comparison was also made. The IoT architecture details and associated technology are described in Section 3 . The security

issues are explained in Section 4 . The different security issues address in IoT applications using Machine Learning, Artificial

intelligence, and Blockchain technology are explained in detail in Sections 5 –7 sequentially. An analysis of the entire survey

and future challenges are summarized in Section 8 . The paper concludes with a summary of the work done in Section 9 .

2. Related work

The authors explain the underlying system architecture and security issues in paper [2] . Previously some works related

to a security issue in IoT applications, infrastructure are already done. In Table 1 , a summary of some of the survey works

is mentioned. Although several works already exist in this regard from different perspectives, for implementation purposes,

there is no such study done. So in this survey, authors have identified the recent emerging technology (ML, AI, Blockchain),

which can be addressed security issues in IoT. Some of the work integration with recent technology and IoT has already

B.K. Mohanta, D. Jena and U. Satapathy et al. / Internet of Things 11 (2020) 100227 3

Fig. 1. Internet of things infrastructure.

been done. In this survey, the authors tried to give the details about the insight of that technology how it will solve security

challenges in IoT. This will helps the reader to understand the IoT infrastructure creation and implementing it securely.

3. Internet of things (IoT) infrastructure,protocol, application

Internet of Things (IoT) has lots of potentials to apply in different real-time applications. It integrates sensors, smart de-

vices, radiofrequency identification (RFID), and the Internet to build an intelligent system. As per Goldman Sachs estimated

28 billion smart things would be connected to a different network by 2020. The growth of IoT in the last decade in such

a way that it incorporates everything from sensors to cloud computing intermediate with fog/edge computing. The IoT has

different types of a network like a distributed, ubiquitous, grid, and vehicular. The applications of IoT made a huge impact

in day to day life like sensors deploy in the patient body to monitoring in critical condition, monitoring gas leakage in smart

kitchen, agriculture field, smart car parking, smart transportation, tracking goods details in supply chain system using sen-

sors in the vehicle. The sensors are resource constraint devices connected through wired or wirelessly across heterogeneous

networks. The IoT networks are possessed different security, privacy, and vulnerable to the attacker.

3.1. IoT infrastructure

IoT application consists of different smart things that collect, process, compute and communicate with other smart things.

IoT has three layers physical, network, and application layer. Recently industries are developed many things which are em-

bedded with intelligent things. As shown in Fig. 1 IoT infrastructure consists of not only sensors, but it also integrates with

some emerging technology. The IoT application is based on either IoT-Cloud or IoT-Fog-Cloud. The security issue like data

privacy [13] , machine to machine communication [14] , real-time monitoring [15] and IoT testbed [16] are need to be ad-

dressed for efficient IoT applications. The architecture of IoT may be centralized, distributed, decentralized structure. In IoT

application processing and computing in real-time is one of the most challenging issues. Cloud computing provides more

storage and assures security to the data. But recently, most of the real-time monitoring IoT application demand processing

and computing in the edge of the network. So that quick action can be taken like monitoring the health condition of the

serious patient, fire detection. When processing and computing are done on the edge of the network using fog devices, it

becomes more vulnerable to the attacker as their devices are lightweight device traditional security is not applicable. During

analytic data, a technique like a machine learning is recently used to make the IoT system more intelligent and independent

to make a decision. The different smart devices are connected to make an application using some standard protocols. The

security issue exists in IoT infrastructure, which needs to be addressed to build trust among end-users and make the system

temper-proof. The data interoperability [17] in the IoT system works using an intelligent algorithm.

3.2. Standard protocol

The basic IoT architecture is a four layer network. Each of these layer consists of some standard protocol as shown in

Table 2 .

3.2.1. MQTT

MQTT stands for transportation of MQ Telemetry. It is a straightforward and lightweight messaging protocol for pub-

lishing / subscribe, designed for restricted devices and low bandwidth, high latency, or unreliable networks. The design

principles are to minimize the requirements for network bandwidth and device resources while also trying to ensure reli-

ability and some degree of delivery assurance. These principles also result in making the protocol ideal for the emerging

world of low end connected devices “machine-to-machine” (M2 M) or “Internet of Things.”

4 B.K. Mohanta, D. Jena and U. Satapathy et al. / Internet of Things 11 (2020) 100227

Table 2

Protocols & attacks on IoT layers.

Protocols & possible attacks in IoT layers

Layer Protocol name Possible security attack

Application MQTT, CoAP, REST, AMQP Repudiation Attack, DDoS Attack, HTTP Flood Attack, SQL Injection

Attack, Cross-Site Scripting, Parameter Tampering, Slowloris Attack

Transport TCP, UDP, DCCP, SCTP, RSVP, QUIC SYN Flood, Smruf Attack,Injection Attack, Mitnick Attack, Opt-ack Attack

Network CLNS, DDP, EIGRP, ICMP, IGMP,

IPsec, IPv4, IPv6, OSPF, RIM

IP Address Spoofing, DoS Attack, Black Hole Attack, Worm Hole Attack,

Byzantine Attack, Resource Consumption Attack.

Pysical DSL, ISDN, IDA, USB, Bluetooth,

CAN, Ethernet

Access Control Attack, Physical damage 0r Destruction, Disconnection of

Physical Links

3.2.2. CoAP

Constrained Application Protocol (CoAP), as defined in RFC 7252, is a specialized Internet Application Protocol for re-

stricted devices. It allows those restricted devices called “nodes” to use similar protocols to communicate with the broader

Internet. CoAP is designed to be used by devices on the same network.

3.2.3. REST

REST stands for State Transfer Member. REST is an architecture based on web standards and uses the HTTP protocol.

It revolves around resources where each element is a resource, and a resource is accessed using standard HTTP methods

through a specific interface. Roy Fielding introduced REST in 20 0 0. A REST server offers access to resources in REST archi-

tecture, and REST user accesses and modifies resources. Here, URIs / global IDs classify each asset. REST uses a variety of

representations to describe a resource such as text, JSON, XML.

3.2.4. AMQP

An open standard for transferring business messages between applications or organizations is the Advanced Message

Queuing Protocol (AMQP). It connects systems, feeds business processes with the information they need, and transmits the

instructions that achieve their goals reliably forward.

3.2.5. TCP

Transmission Control Protocol (TCP) is a connection-oriented communications protocol that provides the facility to ex-

change messages in a network between computer devices.

3.2.6. UDP

A Transport Layer protocol is the User Datagram Protocol (UDP). UDP is part of the Internet Protocol suite, known as UDP

/ IP. Like TCP, this protocol is unstable and unconnected. There is thus no need to create a link before transferring data.

3.2.7. DCCP

DCCP provides a way for congestion-control mechanisms to be accessed without having to implement them at the ap-

plication layer. It allows flow-based semiconducting, as in the Transmission Control Protocol (TCP), but does not provide

reliable delivery on-order. Sequenced transmission across multiple streams is not possible in DCCP, as in the Stream Control

Transmission Protocol (SCTP). A DCCP link requires both the network acknowledgment and data traffic. Acknowledgments

notify a sender that their packets have arrived and whether they have been labeled with an Explicit Notification of Conges-

tion (ECN).

3.2.8. SCTP

The Stream Control Transmission Protocol (SCTP) is a computer networking communication protocol that operates at the

transportation layer and serves a similar role to the popular TCP and UDP protocols. It is defined in RFC 4960 by IETF.SCTP

incorporates some of the features of both UDP and TCP: it is message-oriented like UDP and ensures secure, in-sequence

congestion-controlled transmission of messages like TCP. It differs from those protocols by providing multi-homing and

redundant paths to increase resilience and reliability.

3.2.9. RSVP

The Resource Reservation Protocol (RSVP) is a transport layer [1] protocol designed to use the distributed infrastructure

model to reserve resources across a network. RSVP works over an IPv4 or IPv6 and sets up resource reservations for multi-

cast or unicast data flows, initiated by the recipient. It does not transmit data from applications but is similar to a control

protocol, such as the Internet Control Message Protocol (ICMP) or the Internet Group Management Protocol (IGMP). RSVP is

set out in RFC 2205.

B.K. Mohanta, D. Jena and U. Satapathy et al. / Internet of Things 11 (2020) 100227 5

3.2.10. QUIC

QUIC (pronounced’ quick’) is a general-purpose network layer protocol initially designed by Google’s Jim Roskind, intro-

duced and deployed in 2012, publicly announced in 2013 as an extended experiment and defined by the IETF. While still an

Internet-Draft, more than half of all Chrome web browser connections to Google’s servers use QUIC.[citation needed] Most

other web browsers don’t follow the protocol.

3.2.11. CLNS

Connectionless mode Network Service (CLNS) or simply Connectionless Network Service is an OSI Network Layer data-

gram service that does not require a circuit to be set up before data is transmitted, and routes messages to their destinations

independently of any other messages. CLNS is not an Internet service but offers f eatures similar to those offered by the In-

ternet Protocol (IP) and User Datagram Protocol (UDP) in an OSI Network environment.

3.2.12. DDP

Distributed Data Protocol (or DDP) is a client-server protocol designed to query and update a server-side database and

to synchronize such updates between clients. It uses a messaging pattern for publish-subscribe. The Meteor JavaScript ap-

plication was developed for use.

3.2.13. ICMP

Connectionless-mode Network Service (CLNS) or simply Connectionless Network Service is an OSI Network Layer data-

gram service that does not allow a circuit to be set up before data is transmitted and routes messages to their destinations

independently of any other messages. As such, it is a best-effort rather than a “reliable” delivery service. CLNS is not an

Internet service but offers f eatures similar to those offered by the Internet Protocol (IP) and User Datagram Protocol (UDP)

in an OSI Network environment.

3.2.14. DSI

Digital Serial Interface (DSI) is a protocol for regulating lighting (initially electrical ballast) in buildings. It is based on

Manchester-coded 8-bit protocol, 1200 baud data rate, 1 start bit, 8 data bits (dim value), 4 stop bits, and is the basis

for the more advanced Digital Addressable Lighting Interface (DALI) protocol. The technology uses a single byte (0–255 or

0x00-0xFF) to communicate the lighting level. DSI was the first use of digital communication to control lighting and was

the precursor to DALI.

3.2.15. ISDN

Integrated Services Digital Network (ISDN) is a set of communication standards for simultaneous digital transmission of

voice, video, data, and other network services over the traditional circuits of the public switched telephone network. The

key feature of ISDN is that it integrates speech and data on the same lines, adding features that were not available in the

classic telephone system. In the emergency mode of IoT devices, the ISDN facility can be useful.

3.3. Application

IoT applications are nowadays developed in many fields. The development of many open-source platforms like Azure

IoT Suite, IBM Watson, Amazon Web Services (AWS), Oracle IoT, Kaa, Bevywise IoT platform used for industrial IoT, IoTIFY

cloud-based platform used to build scalable IoT applications. Most of the opensource platform is enabled with AI and ML

technology for intelligent processing and computing the information. The manufacture of smart devices that can read, pro-

cess, and computing the things makes the IoT as one of the emerging fields. There are many application areas where IoT

is used, as shown in Fig. 2 . In these eight different application fields, IoT has already made an impact on enhancing and

increasing the efficiency of the system.

3.3.1. Smart home

The IoT makes the traditional home system into an intelligent one. The refrigerator, smart television, security camera, gas

sensors, temperature sensor, light system all can sense the home environment, communicate and connect to the internet

through wired or wireless. Even the refrigerator can place an order to the registered retail shop and give notification to

the user. Due to the development of smart things, the living standard becomes more comfortable. In paper [18] , authors

design a smart home system based on IoT technology. Using technology like IoT and Fog computing home converted into an

intelligent home system where monitoring of the home can be done remotely as well as processing can be done instantly.

The authentication of devices is essential to prevent unwanted access to the IoT network. The authors in Satapathy et al.

[19] and Panda et al. [20] proposed different authentication schemes for a smart home network. Still, some security issues

[21] , are exist in IoT based smart home systems.

6 B.K. Mohanta, D. Jena and U. Satapathy et al. / Internet of Things 11 (2020) 100227

Fig. 2. Internet of things applications.

3.3.2. Smart hospital

Since the development of IoT patient monitoring in real-time is possible with the use of sensors and fog/edge computing,

the paper [22] , authors have proposed an IoT-cloud based framework for data collection in the healthcare system. Similarly,

in Moosavi et al. [23] , authors performed the authentication and authorization of the smart devices in the healthcare system.

In the healthcare system, privacy is one of the main issues, so proper security and privacy protocol need to be developed to

secure the system.

3.3.3. Smart city

The ever-growing city has lots of problems like traffic management, waste management, waste management, and en-

vironmental management. The city needs a solution to monitor and control the problem exist. In papers [24,25] , authors

explained the challenges that exist in implementing smart cities and done a survey in detail about how IoT can solve an

existing problem. Using IoT and associated technology, a smart city can be developed to enhance the living standard of the

city, maintaining the security and privacy issue of the citizen.

3.3.4. Smart transportation

In recent times traffic is one of the major problems in a city. The intelligent transportation system is the need of the

hour. The IoT enables vehicles can collect information from the roadside unit and process to get the details about journey

path, time, and traffic details. Some of the research work [26,27] addressed the smart transportation issue using IoT. In

paper [28] , the authors proposed the IoT-ITS system for the transportation system. The authors in Dey et al. [29] proposed

a “Magtrack” to detect condition of the road surface using in-build mobile sensors and machine learning concepts.

3.3.5. Smart grid

The smart grid is one of the application areas of IoT, where a grid system can be made automation using IoT. The elec-

tric power generation and distribution among consumers can be monitor in real-time. The cybersecurity solution approach

[30] is explained in detail. The architecture of the IoT-Cloud based system proposed by the authors in paper [31] . The effi-

cient, economical and distribution can be improved using the IoT technology in the smart grid system.

B.K. Mohanta, D. Jena and U. Satapathy et al. / Internet of Things 11 (2020) 100227 7

Table 3

The different security attacks in IoT.

Different attacks cases and relevant research papers

Attacks type Paper

IoT

Attacks

Jamming attacks [43]

DoS attacks [44]

Intrusion detection System [45]

Malicious node [46]

Power analysis attack [47,48]

Internal attacks [49]

Access control [50]

Wormhole attack [51]

Side channel security [52]

Distributed Dos [53]

Man in the Middle attack [54]

Active attacks [55]

Routing attacks [56]

Sybil attacks [57,58]

Deceptive attack [59]

Spoofing [60]

Buffer overflow attack [61]

Impersonation attack [62]

3.3.6. Supply chain system

The IoT smart devices, once used in a supply chain management system, can fundamentally change the traditional way

to monitor the transport system. By using the IoT technique, the material is easily located, their current condition, packing

details, and it is easy to track how goods are a move through the supply chain. It increases to maintain the demand-supply

of good, easy to monitor the material movement, real-time tracking, efficient storage, energy efficient [32] , and distribution.

The authors in Li et al. [33] , explained how tracking and tracing could be done in real-time using the IoT system. Similarly,

in paper [34,35] authors, discussed the IoT based architecture and risk management in the supply chain system. In paper

[34] , authors have proposed artificial intelligent integration with IoT for the retail shop supply chain system.

3.3.7. Smart retails

The retail sector also using IoT services along with artificial intelligent [36] to enhance productivity, improve store opera-

tion, and to take the decision in real-time to manage the inventory system.

3.3.8. Agriculture

Agriculture is one of the promising application areas in IoT. In a smart agriculture system by deploying the sensors to

monitor the soil

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.