{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,29]],"date-time":"2025-11-29T07:53:12Z","timestamp":1764402792294,"version":"build-2065373602"},"reference-count":90,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"8","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Inf. & Syst."],"published-print":{"date-parts":[[2017]]},"DOI":"10.1587\/transinf.2016ici0001","type":"journal-article","created":{"date-parts":[[2017,7,31]],"date-time":"2017-07-31T22:19:37Z","timestamp":1501539577000},"page":"1649-1662","source":"Crossref","is-referenced-by-count":9,"title":["An Overview of Security and Privacy Issues for Internet of Things"],"prefix":"10.1587","volume":"E100.D","author":[{"given":"Heung Youl","family":"YOUM","sequence":"first","affiliation":[{"name":"Department of Information Security Engineering, Soonchunhyang University"}]}],"member":"532","reference":[{"key":"1","unstructured":"[1] N. Eddy, \u201cGartner: 21 Billion IoT devices to invade by 2020,\u201d InformationWeek, Nov. 2015. Available at http:\/\/www.informationweek.com\/mobile\/mobile-devices\/gartner-21-billion-iot-devices-to-invade-by-2020\/d\/d-id\/1323081"},{"key":"2","unstructured":"[2] E. Kovacs, \u201c70% of Internet Of Things Devices Reveal Vulnerabilities,\u201d Hewlett Packard, July 2014. Available at http:\/\/www8.hp.com\/us\/en\/hp-news\/press-release.html?id=1744676#.V-e1I7Wa1fA"},{"key":"3","unstructured":"[3] WIND White Paper, Managing the IoT Lifecycle From Design Through End-of-Life, Nov. 2015."},{"key":"4","doi-asserted-by":"crossref","unstructured":"[4] C. Perera, A. Zaslavsky, P. Christen, and D. Georgakopoulos, \u201cContext Aware Computing for The Internet of Things: A Survey,\u201d IEEE, vol.16, no.1, pp.414-454, 2014.","DOI":"10.1109\/SURV.2013.042313.00197"},{"key":"5","doi-asserted-by":"publisher","unstructured":"[5] J. Sathish Kumar and D.R. Patel, \u201cA Survey on Internet of Things: Security and Privacy Issues,\u201d International Journal of Computer Applications, vol.90, no.11, pp.20-26, March 2014. 10.5120\/15764-4454","DOI":"10.5120\/15764-4454"},{"key":"6","unstructured":"[6] J. Granjal, E. Monteiro, and J.S. Silva, \u201cSecurity for the Internet of Things: A Survey of Existing Protocols and Open Research Issues,\u201d IEEE Commun. Surveys Tuts., vol.17, no.3, pp.1294-1312, Jan. 2015."},{"key":"7","unstructured":"[7] C. Lu, \u201cAn Overview of Privacy and Security Issues in the Internet of Things,\u201d Springer, May 2014. Available at http:\/\/www.cse.wustl.edu\/~jain\/cse574-14\/ftp\/security.pdf"},{"key":"8","unstructured":"[8] T. Borgohain, U. Kumar, and S. Sanyal, \u201cSurvey of Security and Privacy Issues of Internet of Things,\u201d Jan. 2015. available at https:\/\/www.researchgate.net\/publication\/270763270_Survey_of_Security_and_Privacy_Issues_of_Internet_of_Things"},{"key":"9","doi-asserted-by":"crossref","unstructured":"[9] I. Butun, S.D. Morgera, and R. Sankar, \u201cA Survey of Intrusion Detection Systems in Wireless Sensor Networks,\u201d IEEE Commun. Surveys Tuts., vol.16, no.1, pp.266-282, 2014.","DOI":"10.1109\/SURV.2013.050113.00191"},{"key":"10","unstructured":"[10] ITU Telecommunication Standardization Sector (ITU-T), http:\/\/www.itu.int\/en\/ITU-T\/Pages\/default.aspx"},{"key":"11","unstructured":"[11] ISO\/IEC JTC 1\/SC 27 IT Security techniques, http:\/\/www.din.de\/en\/meta\/jtc1sc27"},{"key":"12","unstructured":"[12] IEEE SA (standards association), http:\/\/standards.ieee.org\/"},{"key":"13","unstructured":"[13] Internet Engineering Task Force (IETF), https:\/\/www.ietf.org\/"},{"key":"14","unstructured":"[14] K.L. Lueth, \u201cThe 10 most popular Internet of Things applications right now,\u201d IoT Analytics, Feb. 2015. available at https:\/\/iot-analytics.com\/10-internet-of-things-applications\/"},{"key":"15","unstructured":"[15] K. Ashton, \u201cThat \u2018internet of things\u2019 thing in the real world, things matter more than ideas,\u201d RFID Journal, June 2009, http:\/\/www.rfidjournal.com\/article\/print\/4986"},{"key":"16","unstructured":"[16] Wikipedia, https:\/\/en.wikipedia.org\/wiki\/Internet_of_things"},{"key":"17","unstructured":"[17] GSMA, IoT Security Guidelines Overview Document, version 1.0, Feb. 2016."},{"key":"18","unstructured":"[18] P. Guillemin and P. Friess, \u201cInternet of things strategic research roadmap,\u201d The Cluster of European Research Projects, Tech. Rep., Sept. 2009, available at http:\/\/www.internet-of-things-research.eu\/pdf\/IoT_Cluster_Strategic_Research_Agenda_2011.pdf"},{"key":"19","unstructured":"[19] European Commission, \u201cInternet of things in 2020 road map for the future,\u201d Working Group RFID of the ETP EPOSS, Tech. Rep., May 2008, available at http:\/\/ec.europa.eu\/informationsociety\/policy\/rfid\/documents\/iotprague2009.pdf [Accessed on: 2011-06-12]."},{"key":"20","unstructured":"[20] Recommendation ITU-T Y.2060, Overview of the Internet of things, June 2012."},{"key":"21","unstructured":"[21] Recommendation ITU-T X.iotsec-1, Simple encryption procedure for Internet of things (IoT) environments, Sept. 2016."},{"key":"22","unstructured":"[22] ITU WTSA-12, Resolution 1-Rules of procedure of the ITU Telecommunication Standardization Sector, 2012."},{"key":"23","unstructured":"[23] Recommendation ITU-T X.iotsec-2, Security Framework forInternet of Things, Sept. 2016."},{"key":"24","unstructured":"[24] Recommendation X.itssec-1, Secure software update capability for intelligent transportation system communication devices, Sept. 2016."},{"key":"25","unstructured":"[25] Recommendation X.itssec-2, Security Guidelines for V2X Communication Systems, Sept. 2016."},{"key":"26","unstructured":"[26] Recommendation ITU-T Y.4100\/Y.2066, Common requirements of the Internet of things, June 2014."},{"key":"27","unstructured":"[27] Recommendation ITU-T Y.4401\/Y.2068, Functional framework and capabilities of the Internet of things, March 2015."},{"key":"28","unstructured":"[28] WIND white paper, Security in the Internet of Things: Lessons from the Past for the Connected Future, Jan. 2015."},{"key":"29","unstructured":"[29] WIKI sensor node, available at https:\/\/en.wikipedia.org\/wiki\/Sensor_node Recommendation."},{"key":"30","unstructured":"[30] ITU-T X.1311, Information technology-Security framework for ubiquitous sensor networks, Feb. 2011."},{"key":"31","unstructured":"[31] ITU-T SG17 (Security), http:\/\/www.itu.int\/en\/ITU-T\/studygroups\/2013-2016\/17\/Pages\/default.aspx"},{"key":"32","unstructured":"[32] ITU-T SG 20 (IoT and its applications including smart cities and communities), available at http:\/\/www.itu.int\/en\/ITU-T\/studygroups\/2013-2016\/20\/Pages\/default.aspx"},{"key":"33","unstructured":"[33] M. Cohodas, \u201cThe Internet of Things: 7 Scary Security Scenarios,\u201d Oct. 2016. (http:\/\/www.darkreading.com\/perimeter\/the-internet-of-things-7-scary-security-scenarios\/d\/d-id\/1316659?image_number=1<\/i>)"},{"key":"34","unstructured":"[34] A. Ross, \u201cPrivacy In All Things Includes the Internet of Things,\u201d The online privacy blog, July 2014."},{"key":"35","unstructured":"[35] O. Garcia-Morchon, S. Kumar, et al., \u201cSecurity Considerations in the IP-based Internet of Things,\u201d IETF Internet Draft, Sept. 2013. http:\/\/tools.ietf.org\/html\/draft-garcia-core-security-06"},{"key":"36","doi-asserted-by":"crossref","unstructured":"[36] E. Liu, Z. Liu, and F. Shao, \u201cDigital Rights Management and Access Control in Multimedia Social Networks,\u201d In Genetic and Evolutionary Computing, Springer International Publishing, pp.257-266, 2014. 10.1007\/978-3-319-01796-9_27","DOI":"10.1007\/978-3-319-01796-9_27"},{"key":"37","unstructured":"[37] ISO\/IEC 20889, Information technology-Security techniques-Privacy enhancing data de-identification techniques, Oct. 2016."},{"key":"38","unstructured":"[38] OWASP Internet of Things Project, (online available at https:\/\/www.owasp.org\/index.php\/OWASP_Internet_of_Things_Project#tab=IoT_Vulnerabilities<\/i>)"},{"key":"39","doi-asserted-by":"crossref","unstructured":"[39] S. Turne and T. Polk, Prohibiting Secure Sockets Layer (SSL) Version 2.0, IETF 6176, March 2011.","DOI":"10.17487\/rfc6176"},{"key":"40","unstructured":"[40] T. Dierks and E. Rescorla, \u201cThe Transport Layer Security (TLS) Protocol Version 1.2,\u201d RFC 5246, DOI 10.17487\/RFC5246, Aug. 2008."},{"key":"41","doi-asserted-by":"crossref","unstructured":"[41] Z. Shelby, K. Hartke, and C. Bormann, \u201cThe Constrained Application Protocol (CoAP),\u201d IETF RFC 7252, June 2014.","DOI":"10.17487\/rfc7252"},{"key":"42","doi-asserted-by":"crossref","unstructured":"[42] E. Rescorla and N. Modadugu, \u201cDTLS: Datagram Transport Layer Security,\u201d IETF RFC 4347, 2006.","DOI":"10.17487\/rfc4347"},{"key":"43","unstructured":"[43] T. Winter, Ed. and P. Thubert, Ed., A. Brandt, J. Hui, R. Kelsey, P. Levis, K. Pister, R. Struik, J.P. Vasseur, and R. Alexander, \u201cRPL: IPv6 Routing Protocol for Low-Power and Lossy Networks,\u201d IETF RFC 6550, March 2012."},{"key":"44","doi-asserted-by":"crossref","unstructured":"[44] G. Montenegro, N. Kushalnagar, J. Hui, and D. Culler, Transmission of IPv6 Packets Over IEEE 802.15.4 Networks, IETF RFC 4944, 2007.","DOI":"10.17487\/rfc4944"},{"key":"45","doi-asserted-by":"crossref","unstructured":"[45] J. Hui and P. Thubert, Compression Format for IPv6 Datagrams Over IEEE 802.15.4-Based Networks, IETF RFC 6282, 2011.","DOI":"10.17487\/rfc6282"},{"key":"46","unstructured":"[46] IEEE Standard for Local and metropolitan area networks \u2014 Part 15.4: Low-Rate Wireless Personal Area Networks (LR-WPANs), 2011."},{"key":"47","doi-asserted-by":"crossref","unstructured":"[47] R. Shirey, Internet Security Glossary, Version 2 IETF RFC 4849, Aug. 2007.","DOI":"10.17487\/rfc4949"},{"key":"48","unstructured":"[48] Open Web Application Security Project (OWASP), available at https:\/\/www.owasp.org\/index.php\/Main_Page"},{"key":"49","unstructured":"[49] Recommendation ITU-T Y.4100\/Y.2066, Common requirements of the Internet of things, June 2016."},{"key":"50","doi-asserted-by":"crossref","unstructured":"[50] E. Rescorla and N. Modadugu, Datagram Transport Layer Security Version 1.2, IETF RFC 6347, Jan. 2012.","DOI":"10.17487\/rfc6347"},{"key":"51","unstructured":"[51] Recommendation ITU-T X.509, Information technology-Open Systems Interconnection-The Directory: Public-key and attribute certificate frameworks, Oct. 2012."},{"key":"52","doi-asserted-by":"crossref","unstructured":"[52] D. Whiting, R. Housley, and N. Ferguson, \u201cCounter with CBC-MAC (CCM),\u201d IETF RFC 3610, Sept. 2003.","DOI":"10.17487\/rfc3610"},{"key":"53","doi-asserted-by":"crossref","unstructured":"[53] J. Jonsson and B. Kaliski, Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, IETF RFC 3447, Feb. 2003.","DOI":"10.17487\/rfc3447"},{"key":"54","doi-asserted-by":"crossref","unstructured":"[54] D. Eastlake 3rd and T. Hansen, US Secure Hash Algorithms (SHA and HMAC-SHA), IETF 4634, July 2006.","DOI":"10.17487\/rfc4634"},{"key":"55","doi-asserted-by":"crossref","unstructured":"[55] R. Housley, \u201cUsing Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP),\u201d IETF RFC 3686, Jan. 2004.","DOI":"10.17487\/rfc3686"},{"key":"56","doi-asserted-by":"crossref","unstructured":"[56] S. Frankel, R. Glenn, and S. Kelly, \u201cThe AES-CBC Cipher Algorithm and Its Use with IPsec,\u201d IETF RFC 3602, Sept. 2003.","DOI":"10.17487\/rfc3602"},{"key":"57","unstructured":"[57] A. Grau, IoT Security Standards-Paving the Way for Customer Confidence, IEEE Standard University, Feb. 2016."},{"key":"58","unstructured":"[58] M. Palattella, N. Accettura, X. Vilajosana, T. Watteyne, L. Grieco, G. Boggia, and M. Dohler, \u201cStandardized protocol stack for the internet of (important) things,\u201d Proc. IEEE, pp.1-18, 2012."},{"key":"59","unstructured":"[59] WIKI protocol stacks, available at https:\/\/en.wikipedia.org\/wiki\/Protocol_stack"},{"key":"60","doi-asserted-by":"crossref","unstructured":"[60] B. Kaliski, PKCS #1: RSA Encryption Version 1.5, IETF RFC 2437, March 1998.","DOI":"10.17487\/rfc2313"},{"key":"61","doi-asserted-by":"crossref","unstructured":"[61] E. Rescorla, Diffie-Hellman Key Agreement Method, IETF RFC 2631, June 1999.","DOI":"10.17487\/rfc2631"},{"key":"62","unstructured":"[62] National Institute of Standards, FIPS Pub 197, Advanced Encryption Standard (AES), Nov. 2001."},{"key":"63","doi-asserted-by":"crossref","unstructured":"[63] D. McGrew, K. Igoe, and M. Salter, Fundamental Elliptic Curve Cryptography Algorithms, IETF RFC 6090, Feb. 2011.","DOI":"10.17487\/rfc6090"},{"key":"64","doi-asserted-by":"crossref","unstructured":"[64] J. Salowey, A. Choudhury, and D. McGrew, AES Galois Counter Mode (GCM) Cipher Suites for TLS, IETF, RFC 5288, Aug. 2008.","DOI":"10.17487\/rfc5288"},{"key":"65","unstructured":"[65] T. Polk and S. Turner, Security Challenges For the Internet Of Things, Feb. 2011, available at https:\/\/www.iab.org\/wp-content\/IAB-uploads\/2011\/03\/Turner.pdf"},{"key":"66","unstructured":"[66] ISO\/IEC JTC 1\/SC 27 N16051, Summary of NB contributions to the SC 27 Study Group on Security and Privacy Issues on Internet of Things (IoT) (in response to SC 27 N15885), March 2016."},{"key":"67","unstructured":"[67] ISO\/IEC JTC 1\/SC 27 N15298, Draft meeting report of SC 27\/SG Security and Privacy Issues on IoT, Kuching, Malaysia, 3rd May 2015, June 2015."},{"key":"68","unstructured":"[68] ISO\/IEC 27033-4:2014, Information technology-Security techniques-Network security-Part 4: Securing communications between networks using security gateways"},{"key":"69","unstructured":"[69] What is NFV-Network Functions Virtualization-Definition? available at https:\/\/www.sdxcentral.com\/nfv\/definitions\/whats-network-functions-virtualization-nfv\/"},{"key":"70","unstructured":"[70] Software-Defined Networking (SDN) Definition, available at https:\/\/www.opennetworking.org\/sdn-resources\/sdn-definition"},{"key":"71","unstructured":"[71] OpenFlow, available at https:\/\/www.opennetworking.org\/sdn-resources\/openflow"},{"key":"72","unstructured":"[72] OpenStack, available at https:\/\/openvirtualizationalliance.org\/what-kvm\/openstack"},{"key":"73","unstructured":"[73] What Is Apache Hadoop?, available at http:\/\/hadoop.apache.org\/"},{"key":"74","unstructured":"[74] ISO\/IEC 27005:2011, Information technology-Security techniques-Information security risk management"},{"key":"75","unstructured":"[75] ISO\/IEC 29100:2011, Information technology-Security techniques-Privacy framework"},{"key":"76","unstructured":"[76] ISO\/IEC 27034:2011+ Information technology \u2014 Security techniques \u2014 Application security, available at http:\/\/www.iso27001security.com\/html\/27034.html"},{"key":"77","unstructured":"[77] ISO\/IEC 27035-2, Information technology-Security techniques-Information security incident management-Part 2: Guidelines to plan and prepare for incident response"},{"key":"78","unstructured":"[78] ISO\/IEC JTC 1\/SC 27\/WG 4 N 1500, SoC SP IoT-Comments and contributions received on the call for contributions to the six month Study period in the area of Guidelines for security in Internet of Things (IoT), Aug. 2016."},{"key":"79","unstructured":"[79] ISO\/IEC JTC 1\/SC 27\/WG 5 N 1502, WG 5 SoC SP Privacy IoT-Contributions received to the SC 27\/WG 5 Study Period on Guidelines for privacy in Internet of Things, Aug. 2016."},{"key":"80","unstructured":"[80] ITU-T SG17 TD 2637, Summary of agreements between ITU-T Study Groups 17 and 20 on IoT security studies, Sept. 2016."},{"key":"81","unstructured":"[81] Recommendation ITU-T A.1, Working methods for study groups of the ITU Telecommunication Standardization Sector, Nov. 2012."},{"key":"82","unstructured":"[82] GSMA, http:\/\/www.gsma.com\/aboutus\/"},{"key":"83","unstructured":"[83] Recommendation A.23 (2000) Annex A, Guide for ITU-T and ISO\/IEC JTC 1 cooperation, June 2014."},{"key":"84","doi-asserted-by":"crossref","unstructured":"[84] T. Kothmayr, C. Schmitt, W. Hu, M. Brunig, and G. Carle, \u201cA DTLS based end-to-end security architecture for the Internet of Things with two way authentication,\u201d Proc. 37th IEEE Conf. LCN Workshops, pp.956-963, 2012. 10.1109\/lcnw.2012.6424088","DOI":"10.1109\/LCNW.2012.6424088"},{"key":"85","unstructured":"[85] A.A. Chavan and M.K. Nighot, \u201cSecure CoAP Using Enhanced DTLS for Internet of Things,\u201d International Journal of Innovative Research in Computer and Communication Engineering, vol.2, no.12, pp.7601-7608, Dec. 2014."},{"key":"86","unstructured":"[86] J. Granjal, E. Monteiro, and J.S. Silva, \u201cEnd-to-end transport-layer security for Internet-integrated sensing applications with mutual and delegated ECC public-key authentication,\u201d Proc. IFIP Network, pp.1-9, 2013."},{"key":"87","doi-asserted-by":"crossref","unstructured":"[87] R. Hummen, J.H. Ziegeldorf, H. Shafagh, S. Raza, and K. Wehrle, \u201cTowards viable certificate-based authentication for the Internet of things,\u201d Proc. 2nd ACM Workshop Hot Topics Wireless Netw. Security Privacy, pp.37-42, 2013. 10.1145\/2463183.2463193","DOI":"10.1145\/2463183.2463193"},{"key":"88","doi-asserted-by":"publisher","unstructured":"[88] A. Le, J. Loo, A. Lasebae, A. Vinel, Y. Chen, and M. Chai, \u201cThe impact of rank attack on network topology of routing protocol for low-power and lossy networks,\u201d IEEE Sensors J., vol.13, no.10, pp.3685-3692, Oct. 2013. 10.1109\/jsen.2013.2266399","DOI":"10.1109\/JSEN.2013.2266399"},{"key":"89","unstructured":"[89] S. Raza, S. Duquennoy, J. H\u00f6glund, and T. Voigt, \u201cSecure communication for the Internet of Things \u2014 a comparison of link-layer security and IPsec for 6LoWPAN,\u201d Security and Communication Networks, vol.7, no.12, pp.2654-2668, Dec. 2014."},{"key":"90","unstructured":"[90] ITU-T WTSA Resolution 7-Collaboration with the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), Oct. 2012."}],"container-title":["IEICE Transactions on Information and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E100.D\/8\/E100.D_2016ICI0001\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,1]],"date-time":"2019-10-01T21:37:34Z","timestamp":1569965854000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E100.D\/8\/E100.D_2016ICI0001\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"references-count":90,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2017]]}},"URL":"https:\/\/doi.org\/10.1587\/transinf.2016ici0001","relation":{},"ISSN":["0916-8532","1745-1361"],"issn-type":[{"type":"print","value":"0916-8532"},{"type":"electronic","value":"1745-1361"}],"subject":[],"published":{"date-parts":[[2017]]}}}