{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T21:36:08Z","timestamp":1773092168388,"version":"3.50.1"},"reference-count":63,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2019,6,12]],"date-time":"2019-06-12T00:00:00Z","timestamp":1560297600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2019,6,12]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>Internet of Things (IoT) is a challenging and promising system concept and requires new types of architectures and protocols compared to traditional networks. Security is an extremely critical issue for IoT that needs to be addressed efficiently. Heterogeneity being an inherent characteristic of IoT gives rise to many security issues that need to be addressed from the perspective of new architectures such as software defined networking, cryptographic algorithms, federated cloud and edge computing.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>The paper analyzes the IoT security from three perspectives: three-layer security architecture, security issues at each layer and security countermeasures. The paper reviews the current state of the art, protocols and technologies used at each layer of security architecture. The paper focuses on various types of attacks that occur at each layer and provides the various approaches used to countermeasure such type of attacks.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The data exchanged between the different devices or applications in the IoT environment are quite sensitive; thus, the security aspect plays a key role and needs to be addressed efficiently. This indicates the urgent needs of developing general security policy and standards for IoT products. The efficient security architecture needs to be imposed but not at the cost of efficiency and scalability. The paper provides empirical insights about how the different security threats at each layer can be mitigated.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>The paper fulfills the need of having an extensive and elaborated survey in the field of IoT security, along with suggesting the countermeasures to mitigate the threats occurring at each level of IoT protocol stack.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-07-2018-0084","type":"journal-article","created":{"date-parts":[[2019,5,28]],"date-time":"2019-05-28T04:39:25Z","timestamp":1559018365000},"page":"292-323","source":"Crossref","is-referenced-by-count":52,"title":["A survey on the Internet of Things security"],"prefix":"10.1108","volume":"27","author":[{"given":"Omerah","family":"Yousuf","sequence":"first","affiliation":[]},{"given":"Roohie Naaz","family":"Mir","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020092311253597300_ref001","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/PRISMS.2014.6970594","article-title":"Security and privacy in the internet of things: current status and open issues","volume-title":"2014 International Conference on Privacy and Security in Mobile Systems (PRISMS)","year":"2014"},{"key":"key2020092311253597300_ref002","doi-asserted-by":"crossref","first-page":"395","DOI":"10.1016\/j.future.2017.11.022","article-title":"IoT security: review, blockchain solutions, and open challenges","volume":"82","year":"2018","journal-title":"Future Generation Computer Systems"},{"key":"key2020092311253597300_ref003","first-page":"491","article-title":"Software-defined network as solution to overcome security challenges in IoT","volume-title":"2016 5th International Conference on Reliability, Infocom Technologies and Optimization, ICRITO 2016: Trends and Future Directions","year":"2016"},{"key":"key2020092311253597300_ref004","first-page":"10","article-title":"Internet of things security: a survey","volume-title":"Journal of Network and Computer Applications","year":"2017"},{"key":"key2020092311253597300_ref005","first-page":"2347","article-title":"Internet of things: a survey on enabling","year":"2015"},{"key":"key2020092311253597300_ref006","first-page":"604","article-title":"Capability-based access control delegation model on the federated IoT network","volume-title":"The 15th International Symposium on Wireless Personal Multimedia Communications, IEEE","year":"2012"},{"issue":"16","key":"key2020092311253597300_ref007","doi-asserted-by":"crossref","first-page":"3594","DOI":"10.1016\/j.comnet.2012.07.010","article-title":"The social internet of things (SIoT) \u2013 when social networks meet the internet of things: concept, architecture and network characterization","volume":"56","year":"2012","journal-title":"Computer Networks"},{"issue":"4","key":"key2020092311253597300_ref008","first-page":"450","article-title":"Security issues in internet of things (IoT): a survey","volume":"5","year":"2015","journal-title":"International Journal of Advanced Research in Computer Science and Software Engineering"},{"issue":"2","key":"key2020092311253597300_ref009","doi-asserted-by":"crossref","first-page":"86","DOI":"10.1016\/j.ijcip.2012.04.001","article-title":"Design and implementation of a mediation system enabling secure communication among critical infrastructures","volume":"5","year":"2012","journal-title":"International Journal of Critical Infrastructure Protection"},{"issue":"4","key":"key2020092311253597300_ref010","doi-asserted-by":"crossref","first-page":"2319","DOI":"10.11591\/ijece.v8i4.pp2319-2326","article-title":"A comprehensive survey on exiting solution approaches towards security and privacy requirements of IoT","volume":"8","year":"2018","journal-title":"International Journal of Electrical and Computer Engineering (IJECE)"},{"issue":"3","key":"key2020092311253597300_ref011","doi-asserted-by":"crossref","first-page":"2027","DOI":"10.1109\/COMST.2016.2548426","article-title":"A survey of man in the middle attacks, (c)","volume":"18","year":"2016","journal-title":"IEEE Communications Surveys and Tutorials"},{"key":"key2020092311253597300_ref012","article-title":"Authentication protocols for internet of things: a comprehensive survey","volume":"2017","year":"2017","journal-title":"Security and Communication Networks"},{"key":"key2020092311253597300_ref013","first-page":"6","article-title":"An automata based intrusion detection method for internet of things","year":"2017"},{"key":"key2020092311253597300_ref014","article-title":"Security in internet of things: issues, challenges, taxonomy, and architecture","year":"2017","journal-title":"Telecommunication Systems"},{"key":"key2020092311253597300_ref015","first-page":"21","article-title":"Towards an analysis of security issues","year":"2015","journal-title":"Challenges, and Open Problems in the Internet of Things. 2015 IEEE World Congress on Services"},{"key":"key2020092311253597300_ref016","article-title":"Towards an analysis of security issues","year":"2015","journal-title":"Challenges, and Open Problems in the Internet of Things"},{"key":"key2020092311253597300_ref017","article-title":"Gartner research vice president","volume-title":"Leading the IoT, Gartner Insights on How to Lead in a Connected World","year":"2017"},{"issue":"1","key":"key2020092311253597300_ref018","first-page":"159","article-title":"A modified RSA algorithm for security enhancement and redundant messages elimination using K-nearest neighbor algorithm","volume":"2","year":"2015","journal-title":"IJISET \u2013 International Journal of Innovative Science, Engineering and Technology"},{"key":"key2020092311253597300_ref019","first-page":"61","article-title":"Hardware and embedded security in the context of internet of things","year":"2013","journal-title":"Proceedings of the 2013 ACM Workshop on Security, Privacy and Dependability for Cyber Vehicles"},{"key":"key2020092311253597300_ref020","first-page":"7","volume-title":"Lightweight Cryptography for the Internet of Things","year":"2008"},{"key":"key2020092311253597300_ref021","unstructured":"Kibirige, G.W. and Sanga, C. (2015), \u201cA survey on detection of sinkhole attack in wireless sensor network\u201d, arXiv preprint arXiv:1505.01941."},{"issue":"3","key":"key2020092311253597300_ref022","doi-asserted-by":"crossref","first-page":"1002","DOI":"10.11591\/ijece.v6i3.pp1002-1010","article-title":"Secure digital signature scheme based on elliptic curves for internet of things","volume":"6","year":"2016","journal-title":"International Journal of Electrical and Computer Engineering (IJECE)"},{"key":"key2020092311253597300_ref022a","year":"2017","journal-title":"Building the Internet of Things: Implement New Business Models, Disrupt Competitors, Transform Your Industry"},{"key":"key2020092311253597300_ref023","first-page":"5772","article-title":"Security in internet of things: challenges, solutions and future directions","volume-title":"Proceedings of the Annual HI International Conference on System Sciences, 2016\u2013March","year":"2016"},{"issue":"4","key":"key2020092311253597300_ref024","doi-asserted-by":"crossref","first-page":"431","DOI":"10.1016\/j.bushor.2015.03.008","article-title":"The internet of things (IoT) : applications, investments, and challenges for enterprises","volume":"58","year":"2015","journal-title":"Business Horizons"},{"key":"key2020092311253597300_ref025","first-page":"291","article-title":"Securing RFID systems by detecting tag cloning","year":"2009"},{"key":"key2020092311253597300_ref026","article-title":"A federated architecture approach for internet of things security","volume-title":"2014 Euro Med Telco Conference \u2013 From Network Infrastructures to Network Fabric: Revolution at the Edges, EMTC 2014","year":"2014"},{"issue":"4","key":"key2020092311253597300_ref027","first-page":"309","article-title":"Identity authentication and capability based access control (IACAC) for the internet of things","volume":"1","year":"2013","journal-title":"Journal of Cyber Security and Mobility"},{"key":"key2020092311253597300_ref028","doi-asserted-by":"crossref","unstructured":"Matharu, G.S. (2014), \u201cThe internet of things: challenges and security issues\u201d, pp. 54-59, available at: https:\/\/doi.org\/10.1109\/ICET.2014.7021016","DOI":"10.1109\/ICET.2014.7021016"},{"issue":"4","key":"key2020092311253597300_ref030","doi-asserted-by":"crossref","first-page":"586","DOI":"10.1109\/TETC.2016.2606384","article-title":"A comprehensive study of security of internet-of-things","volume":"5","year":"2017","journal-title":"IEEE Transactions on Emerging Topics in Computing"},{"key":"key2020092311253597300_ref031","first-page":"208","article-title":"Comparison of attacks on wireless sensor networks","year":"2014"},{"key":"key2020092311253597300_ref032","first-page":"321","article-title":"Internet of things (IoT) : taxonomy of security attacks","year":"2016"},{"key":"key2020092311253597300_ref033","doi-asserted-by":"crossref","unstructured":"Patton, M. Gross, E. Chinn, R. Forbis, S. Walker, L. and Chen, H. (2014), \u201cUninvited connections a study of vulnerable devices on the internet of things (IoT)\u201d, pp. 1-4, available at: https:\/\/doi.org\/10.1109\/JISIC.2014.43","DOI":"10.1109\/JISIC.2014.43"},{"key":"key2020092311253597300_ref034","first-page":"294","article-title":"A survey on IoT applications, security challenges and counter measures","volume-title":"2016 International Conference on Computing, Analytics and Security Trends (CAST), IEEE","year":"2016"},{"key":"key2020092311253597300_ref035","first-page":"267","article-title":"The sleep deprivation attack in sensor networks: analysis and methods of defense","year":"2006"},{"key":"key2020092311253597300_ref029","first-page":"49","article-title":"Security issues and countermeaaures of three tier architecture of IOT \u2013 a survey","volume-title":"International Journal of Pure and Applied Mathematics","year":"2017"},{"key":"key2020092311253597300_ref037","doi-asserted-by":"crossref","first-page":"699","DOI":"10.23919\/ICACT.2017.7890183","article-title":"Survey on security in internet of things: state of the art and challenges","volume-title":"2017 19th International Conference on Advanced Communication Technology (ICACT)","year":"2017"},{"issue":"19","key":"key2020092311253597300_ref038","doi-asserted-by":"crossref","first-page":"33","DOI":"10.5120\/11507-7224","article-title":"A study of encryption algorithms (RSA, DES, 3DES and AES) for information security","volume":"67","year":"2013","journal-title":"International Journal of Computer Applications"},{"key":"key2020092311253597300_ref039","first-page":"648","article-title":"Security in the internet of things: a review\u201d, Proceedings \u2013 2012","volume-title":"International Conference on Computer Science and Electronics Engineering, ICCSEE 2012, 3","year":"2012"},{"issue":"5","key":"key2020092311253597300_ref040","doi-asserted-by":"crossref","first-page":"2396","DOI":"10.11591\/ijece.v6i5.pp2396-2402","article-title":"Trust-based privacy for internet of things","volume":"6","year":"2016","journal-title":"International Journal of Electrical and Computer Engineering (IJECE)"},{"issue":"18","key":"key2020092311253597300_ref041","first-page":"8","volume":"45","year":"2012","journal-title":"Detection of Malicious Code-Injection Attack Using Two Phase Analysis Technique"},{"key":"key2020092311253597300_ref042","first-page":"104","article-title":"Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems","year":"1996","journal-title":"Annual International Cryptology Conference"},{"key":"key2020092311253597300_ref043","article-title":"Network protocols, schemes, and mechanisms for internet of things (iot): features, open challenges, and trends","volume-title":"Wireless Communications and Mobile Computing","year":"2018"},{"issue":"7","key":"key2020092311253597300_ref044","doi-asserted-by":"crossref","first-page":"1","DOI":"10.5120\/19547-1280","article-title":"A critical analysis on the security concerns of internet of things (IoT)","volume":"111","year":"2015","journal-title":"International Journal of Computer Applications"},{"key":"key2020092311253597300_ref045","article-title":"Security threats and issues in automation IoT","volume-title":"IEEE International Workshop on Factory Communication Systems \u2013 Proceedings, WFCS, available at:","year":"2017"},{"key":"key2020092311253597300_ref046","article-title":"Security of the internet of things: perspectives and challenges security of the internet of things: perspectives and challenges","year":"2015"},{"key":"key2020092311253597300_ref047","first-page":"355","article-title":"A literature review on internet of things (IoT)","year":"2015"},{"key":"key2020092311253597300_ref048","article-title":"Security and privacy threats in IoT architectures","volume-title":"Proceedings of the 7th International Conference on Body Area Networks","year":"2012"},{"key":"key2020092311253597300_ref049","first-page":"725","article-title":"Performance evaluation of attribute-based encryption: toward data privacy in the IoT","year":"2014"},{"key":"key2020092311253597300_ref050","first-page":"638","article-title":"Security challenges of the internet of things","year":"2016"},{"key":"key2020092311253597300_ref051","first-page":"1062","article-title":"Application of dynamic variable cipher security certificate in internet of things","volume-title":"Proceedings \u2013 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems, IEEE CCIS 2012","year":"2013"},{"key":"key2020092311253597300_ref035a","article-title":"IDC\u2019s worldwide internet of things security products taxonomy","year":"2017"},{"key":"key2020092311253597300_ref052","doi-asserted-by":"crossref","first-page":"407","DOI":"10.1109\/ICCIS.2013.114","article-title":"Study on security problems and key technologies of the internet of things","volume-title":"2013 International Conference on Computational and Information Sciences","year":"2013"},{"key":"key2020092311253597300_ref053","first-page":"1","article-title":"A survey on security and privacy issues in internet-of-things","year":"2017"},{"key":"key2020092311253597300_ref054","first-page":"1","article-title":"Randomizing RFID private authentication","year":"2009"},{"key":"key2020092311253597300_ref055","first-page":"1430","article-title":"An item-level access control framework for inter-system security in the internet of things","year":"2014","journal-title":"Applied Mechanics and Materials, 548-549"},{"issue":"4","key":"key2020092311253597300_ref056","doi-asserted-by":"crossref","first-page":"608","DOI":"10.20533\/ijisr.2042.4639.2015.0070","article-title":"Internet of things (IoT) security: current status","volume":"5","year":"2015","journal-title":"International Journal for Information Security Research"},{"key":"key2020092311253597300_ref057","first-page":"272","article-title":"A framework of machine learning based intrusion detection for wireless sensor networks 2","year":"2008","journal-title":"Challenges on Intrusion Detection in 3. Our Framework of Machine Learning Based ID for WSNs"},{"key":"key2020092311253597300_ref058","first-page":"224","article-title":"A secure data exchange protocol for the internet of things","year":"2012"},{"key":"key2020092311253597300_ref059","article-title":"Communication security in internet of thing: preventive measure and avoid DDoS attack over IoT network","year":"2015"},{"key":"key2020092311253597300_ref060","first-page":"563","article-title":"A novel mutual authentication scheme for internet of things","year":"2011"},{"key":"key2020092311253597300_ref061","year":"2013"},{"issue":"2","key":"key2020092311253597300_ref062","first-page":"819","article-title":"An IOT security risk autonomic assessment algorithm","volume":"11","year":"2013","journal-title":"Indonesian Journal of Electrical Engineering and Computer Science"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2018-0084\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2018-0084\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:02Z","timestamp":1753406582000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/27\/2\/292-323\/106508"}},"subtitle":["State-of-art, architecture, issues and countermeasures"],"short-title":[],"issued":{"date-parts":[[2019,6,12]]},"references-count":63,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,6,12]]}},"alternative-id":["10.1108\/ICS-07-2018-0084"],"URL":"https:\/\/doi.org\/10.1108\/ics-07-2018-0084","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2019,6,12]]}}}