Today, the Internet of Things (IoT) is regarded as one of the most advanced technologies in the world [1]. The IoT is a term used to refer to the network of all physical devices connected to the Internet. It refers to computer devices that are web-enabled and capable of detecting, collecting, and
transmitting data. There are a variety of applications for IoT, including the ability to remotely control appliances [2]. Through IoT, everything is connected to the Internet. The IoT is set to revolutionize the way we live. It is now a booming industry. According to analysts, the growth of IoT products and services is expected to accelerate in the next few years. IoT entails networked objects
that can communicate their data across systems and servers, and their data can be controlled. In IoT, objects, networks, and humans communicate using conscious and/or unconscious actions. By automating and reducing human input, IoT differs from the Internet, which relies on human input to run. In a wide range of areas, such as supply chain management, social media, medicine, and energy consumption (for example, smart health devices), the IoT has created opportunities for social and
economic interaction. The IoT has become an integral part of society; therefore, it is essential that these devices provide adequate security. With the increase in digitization, much of a user’s data is available on these devices, making the development of a secure device more important than ever. As internet-enabled devices are easier to hack, securing data is the paramount concern in any system
[2]. IoT systems are unique when it comes to security vulnerabilities because of their complexity and heterogeneity of technology and data [3]. Addressing IoT security concerns is therefore critical. Data and services provided in the IoT environment need to be protected with features such as
confidentiality, accuracy, comprehensiveness, authentication, access control, availability, and privacy. In terms of cyber security threats, the IoT has unique characteristics and limitations. Due to this, a variety of attacks and threats are emerging every day in relation to IoT [4]. Therefore, we must learn about the threats posed by this technology and find solutions to mitigate its risks.
Knowing the types of attacks that can be made, as well as the techniques used to defend against them, is important [3]. People and organizations are experiencing a wide range of problems due to widespread and ever-increasing cybersecurity attacks against IoT systems. Cyberattacks have grown rapidly, in part due to the proliferation of IoT technologies in areas such as smart grids,
environmental monitoring, patient monitoring systems, smart manufacturing, and logistics. The IoT presents security challenges due to the dynamic and transient nature of the connections between devices, the variety of actors capable of interacting within IoT systems, and the limited resources available [5]. As a result, we require special cyber security techniques to protect our systems and
devices to ensure that our information is secure. Therefore, this study aimed:
- To review the recent threats and risks that have been associated with IoT.
- To classify threats on each layer of the IoT architecture.
- To review the most recent mitigation techniques for IoT risks and identify the common methods that individuals and organizations can use to protect themselves from cyber-attacks that occur via IoT.
- To identify suitable countermeasures for the IoT risks.
Several literature reviews have been conducted in the context of cybersecurity in IoT networks to identify the security vulnerabilities in IoT technologies and suggest solutions to mitigate them. For instance, Obaidat et al. [6] provided an overview of IoT application areas, security architecture frameworks, and security concerns, as well as reviewing recent security and privacy studies. Additionally, Elbekali [7] conducted a systematic literature review, which presents an in-depth analysis of the security of IoT, considering the generic architecture with layers and their security issues and solutions. In a recent study conducted by Albalawi and Almaiah [8], they assessed and identified the major cybersecurity attacks in IoT environments, as well as presenting the most important mitigation techniques that could be useful in IoT networks. In addition, Ghazal et al. [9] highlighted the core IoT security systems by identifying the main issues and countermeasures that need to be considered in IoT systems. That study focused on analyzing the cybersecurity countermeasures for the different types of threats, in order to prevent data loss in IoT-based systems and ensure information security. In a different literature review study, Abdullahi et al. [10] classified the types of cybersecurity attacks in IoT based on Artificial Intelligence techniques. The researchers found that two types of AI algorithms, namely support vector machines (SVM) and random forest (RF), are among the most used methods, due to their high detection accuracy. Nevertheless, our review paper differs from other papers in this area because it covers a wide range of topics related to IoT security. This study will define the overall architecture of an IoT system. Additionally, this paper will explore the threats associated with the IoT environment as well as classify the threats on each of the three layers of the IoT architecture.
It also analyzes the popular application-layer protocols employed in IoT environments and their security risks and challenges. Moreover, this study discusses the countermeasure methods that can be applied to such environments. Additionally, it outlines and discusses some techniques for mitigating risks in the IoT. This study aims to increase awareness about IoT security and to improve it. Additionally, this paper will help to raise awareness among individuals and organizations who have been or may become victims of cybercrime due to their usage of IoT technologies. Table 1 presents a comparison of details of other related studies with our study in the context of IoT. Our systematic review will provide an in-depth analysis with future recommendations regarding cybersecurity risks, challenges and countermeasures in IoT networks and different security concerns in IoT application-layer protocols. The paper is organized as follows: Section 2 presents IoT’s three-layer architecture. Section 3 analyzes security issues in IoT application-layer protocols. Section 4 describes the research methodology. In Section 5, related works are discussed. Section 6 summarizes the results. Section 7 concludes and discusses future research.

2. IoT Architecture

There is no universally accepted IoT architecture. Researchers have proposed different architectures. Several authors have proposed that the IoT architecture can be divided into three layers [8], as shown in Figure 1, which is the most basic architecture.

2.1. Perception Layer

Also known as the physical layer, this layer includes sensors that gather and provide information about the environment [9]. As a part of this layer, information is detected, gathered, and processed, and then transmitted to the network layer. Additionally, this layer enables IoT nodes to collaborate within a local or short-range network. In security terms, the IoT perception layer has three security issues.
The first is the strength of wireless signals: the majority of signals transmitted between IoT sensors are carried by wireless technologies, whose efficiency can be compromised by disturbances. Secondly, the sensor nodes of IoT devices can be physically accessed not only by the owner but by attackers as well, because IoT nodes usually operate in external and outdoor environments. This can lead to physical attacks on IoT sensors and devices aimed at tampering with their hardware components. The third aspect is that IoT nodes are often moved around due to the dynamic nature of the network topology. As sensors and RFIDs make up most of the IoT perception layer, their storage capacity, power consumption, and computation capability are very limited, making them vulnerable to attacks and threats [9]. A replay attack, timing attack, node capture attack or DoS attack can easily compromise the confidentiality of this layer. To address these security issues at the perception layer, encryption can be used (point-to-point or end-to-end), authentication can be used (to verify the identity of the sender) and access control can be implemented.

2.2. Network Layer

This layer is responsible for the transmission of data. Connections to other smart things, network devices, and servers are handled by it. This layer includes cloud computing platforms, Internet gateways, switches, and routing devices that employ very recent technologies, such as WiFi, LTE, Bluetooth, 3G, Zigbee, etc. [8]. There is a risk of DoS attacks at the network layer of the IoT. As well as DoS attacks, the adversary can also attack the confidentiality and privacy of network traffic by eavesdropping, passive monitoring, and traffic analysis. Since remote access and data exchange are common features of electronic devices, these attacks have a high likelihood of occurring. The network layer is also highly susceptible to man-in-the-middle attacks that build on such eavesdropping.
The secure communication channel will be compromised if the keying material is intercepted. IoT key exchange mechanisms must be secure enough to prevent intruders from eavesdropping and committing identity theft. It is important to protect the network as well as the objects in the IoT [9]. A network object should be able to monitor the network’s state and protect itself from attacks. It is possible to achieve this by having good protocols and software that enable objects to respond to situations and behaviors that may be considered abnormal or potentially dangerous.

2.3. Application Layer

This layer provides application-specific services to the user. The application layer ensures the data’s integrity, authenticity, and confidentiality. This layer is where the smart environment or purpose of IoT is realized. It describes a range of applications into which the IoT can be deployed, such as smart homes, smart cities, and smart health. Each layer has a set of threats and vulnerabilities associated with it. In terms of application layer security, there are many issues. Data privacy and identity authentication can be very difficult to ensure due to the different authentication mechanisms used by different applications. Applications that analyze the data will have a lot of overhead due to the large number of connected devices sharing data, which can have a big impact on availability. Additionally, when designing IoT applications, it is important to consider how different users will interact with them, how much data will be revealed, and who will manage them. Data should be controlled by the users, and they should be aware of how the data will be used, who will use them, and when. An architecture can also consist of five layers, adding the processing and business layers. Figure 2 shows the five layers: perception, transport, processing, application, and business. The role of the perception and application layers is the same as in the architecture with three layers.
We outline the functions and security issues of the remaining three layers.

2.4. The Transport Layer

This layer transmits sensor data from the perception layer to the processing layer, and vice versa, through wireless, 3G, LAN, Bluetooth, RFID, and NFC networks. Among the threats at this layer is de-synchronization, where control flags are sent to disrupt the synchronization of the endpoints. Another threat is SYN flooding, where a system is flooded during the SYN handshaking phase. For the MQTT protocol, data transit attacks and scalable key management are also concerns. Message authentication, optimizations in the transport layer, network filtering, Secure MQTT, and the ABE algorithm can be used to mitigate these threats [10].

2.5. The Processing Layer

This is also called the middleware layer. The processing layer stores, analyzes, and processes huge amounts of data. As well as managing and providing a wide range of services, it can also integrate with the lower layers. Various technologies are used, including databases, cloud computing, and big data processing.

2.6. The Business Layer

This layer manages the entire IoT system, including applications, business models, and user privacy.

3. Security Services in IoT Application-Layer Protocols

In this section, we present the IoT application-layer protocols, which are considered the main component of the IoT environment, as shown in Figure 3. In addition, these protocols are the backbone for all communications between IoT devices and between IoT devices and the network infrastructure [10]. The two key functions of these protocols are (1) exchanging messages and sharing data between IoT devices and (2) offering service discovery by detecting IoT devices. Based on this, these protocols are divided into two categories as follows:
- Messaging protocols, including five protocols, namely MQTT, CoAP, AMQP, DDS and XMPP.
- Service discovery protocols, including two protocols, namely mDNS and SSDP.
Regarding security services provided by IoT application protocols, there are several mechanisms and functions that help in mitigating attacks, such as encryption, authentication, authorization and confidentiality. The messaging protocols MQTT, CoAP, AMQP, DDS and XMPP support encryption, authentication, authorization and confidentiality, whereas mDNS and SSDP do not offer any kind of security mechanism. Table 2 presents the security services provided by IoT protocols for mitigating attacks.

3.1. Messaging Protocols

A discussion of messaging protocols in IoT environments is presented in this section. IoT environments prefer MQTT and CoAP, which are widely accepted, while AMQP, DDS, and XMPP can find uses in IoT despite not being considered typical IoT solutions.

3.1.1. Message Queuing Telemetry Transport Protocol (MQTT)

MQTT is a lightweight machine-to-machine (M2M) connectivity protocol standardized by OASIS/ISO. It is a publish/subscribe protocol that manages messages between nodes, as an alternative to traditional client/server protocols, which connect the client directly to the endpoint. Publishers, subscribers, and brokers are the fundamentals of MQTT. Brokers act as servers, while publishers and subscribers act as clients. Brokers are intermediary nodes that relay messages based on their topics. Topics are organized hierarchically. The broker deletes a message once it has been sent to all subscribers of the given topic, as well as messages whose topic has no subscribers. A publisher, a subscriber, or both can be embedded in an IoT device, a network service or a process [11]. The MQTT protocol supports a variety of authentication mechanisms as well as encryption based on TLS. These services, however, are not enough to protect MQTT-enabled devices, particularly brokers. MQTT can be used by any IoT platform for unconstrained devices. The upper layer is responsible for ensuring network availability and minimizing data transfer costs.
Due to the infrequent transfer of short data, some constrained devices can support TCP and non-compressed messages. MQTT, however, is generally not a good choice for constrained devices. Data acquisition and notification/alarm analysis are possible with an IoT device that is only a publisher. IoT devices that are only subscribers can execute dispatched commands. IoT devices that act as both publishers and subscribers can be used for device discovery and configuration, data querying, and remote control. In the case of peer-to-peer communication between neighboring devices, MQTT may not be suitable. Many IoT applications use MQTT. Based on the identification of potentially vulnerable processes of MQTT-enabled devices, the following classifications are possible:
- Authentication, in which the MQTT broker does not properly verify publisher/subscriber identities. An attacker could exploit these vulnerabilities to take control of MQTT devices or overload the broker and eventually cause it to crash.
- Authorization, in which publisher and subscriber permissions are not properly set by the MQTT broker. Data or functions of MQTT devices can be controlled by an attacker through this vulnerability.
- Message delivery, in which the broker mishandles messages that cannot be delivered because there are no subscribers [12]. A significant degradation of broker performance could result from this vulnerability.
- Message validation, in which a publisher sends messages containing disallowed characters that the broker and subscribers cannot correctly interpret. Many malicious attacks can be performed using this vulnerability.
- Message encryption, in which clients and servers exchange messages in plaintext, allowing attackers to eavesdrop on and spoof them. Man-in-the-Middle (MiTM) attacks could be conducted using this vulnerability.
There are also authentication and authorization security issues, such as clients who set their username to “#” and subscribe to all MQTT topics, bypassing access control mechanisms.
An attacker can access sensitive data from all publishers as a result of this vulnerability, with serious consequences for confidentiality [12]. There have been some proposals in the past for securing MQTT. For example, the Model-based Security Toolkit can be integrated with MQTT to meet security and privacy requirements. In addition, Secure MQTT (SMQTT) was defined for MQTT and MQTT-SN. Based on lightweight Elliptic Curve Cryptography, this extension allows encrypted messages to be broadcast to multiple nodes at the same time. It is noteworthy, however, that the solutions mentioned above were not included in the most recent version of MQTT from 2019, which includes enhanced authentication methods, among others. In most cases, this enhanced authentication is used to carry SASL mechanisms, but it can also handle other mechanisms like Kerberos. Several mechanisms should be included in MQTT implementations in order to combat security threats, including authentication of users and devices, authorization of server resources, integrity of MQTT control packets and application data, and privacy of MQTT control packets and application data. Finally, we can conclude that, although MQTT supports a large number of security services, these services in general do not fully mitigate all security risks. Thus, we classified the potential security vulnerabilities in the MQTT protocol as follows:
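The authorization and message-validation weaknesses described above come down to checks the broker must make on every PUBLISH topic name and SUBSCRIBE filter, including refusing a wildcard filter such as "#" when it reaches beyond what the client is allowed to see. The following Python module is an added example, not code from the paper or from any MQTT broker; the client id, the ACL entries and the topic names are constructed assumptions.

```python
"""Broker-side MQTT topic validation and SUBSCRIBE authorization.

Constructed example: each client has an ACL of permitted topic filters, and a
requested filter is granted only if every topic it can match lies inside one
ACL entry. Topic rules follow MQTT 3.1.1 / 5.0: '/' separates levels,
'+' matches exactly one level, '#' matches all remaining levels and must be
the last level, and topics beginning with '$' are never matched by a leading
wildcard.
"""

WILDCARDS = ("+", "#")
MAX_TOPIC_BYTES = 65535


def validate_topic_name(topic: str) -> bool:
    """A PUBLISH topic name: non-empty, no wildcards, no NUL, within size limit."""
    if not topic or "\x00" in topic:
        return False
    if any(w in topic for w in WILDCARDS):
        return False                      # wildcards are only legal in filters
    return len(topic.encode("utf-8")) <= MAX_TOPIC_BYTES


def validate_topic_filter(flt: str) -> bool:
    """A SUBSCRIBE filter: a wildcard must occupy a whole level, '#' only last."""
    if not flt or "\x00" in flt or len(flt.encode("utf-8")) > MAX_TOPIC_BYTES:
        return False
    levels = flt.split("/")
    for i, level in enumerate(levels):
        if level == "#" and i != len(levels) - 1:
            return False                  # "a/#/b" is malformed
        if level not in WILDCARDS and any(w in level for w in WILDCARDS):
            return False                  # "sensor+" or "a#b" is malformed
    return True


def filter_matches(flt: str, topic: str) -> bool:
    """Does a valid filter match a valid topic name?"""
    if topic.startswith("$") and flt[:1] in WILDCARDS:
        return False                      # "#" must not expose $SYS/... topics
    f_levels, t_levels = flt.split("/"), topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return True                   # also matches the parent level itself
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def filter_covers(allowed: str, requested: str) -> bool:
    """True when every topic `requested` can match is also matched by `allowed`.

    This is the check an ACL needs: a client allowed "sensors/gw01/#" must not
    be able to widen its view by subscribing to "sensors/+/#" or "#".
    """
    a, r = allowed.split("/"), requested.split("/")
    for i, level in enumerate(a):
        if level == "#":
            return True                   # allowed covers everything below here
        if i >= len(r) or r[i] == "#":
            return False                  # requested reaches beyond allowed
        if level != "+" and level != r[i]:
            return False                  # literal mismatch, or requested '+' vs literal
    return len(r) == len(a)


def authorize_subscribe(acl: dict, client_id: str, requested: str) -> bool:
    """Deny by default: the filter must be well-formed and inside one ACL entry."""
    if not validate_topic_filter(requested):
        return False
    return any(filter_covers(allowed, requested) for allowed in acl.get(client_id, ()))


# Constructed ACL: a gateway may read its own sensors and its own command topic.
ACL = {"sensor-gw-01": ["sensors/gw01/#", "cmd/gw01/+"]}

if __name__ == "__main__":
    for flt in ["#", "sensors/+/temp", "sensors/gw01/temp", "cmd/gw01/reboot", "cmd/gw01/a/b"]:
        verdict = "ALLOW" if authorize_subscribe(ACL, "sensor-gw-01", flt) else "DENY"
        print(f"{flt:18} -> {verdict}")
```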
3.1.2. Constrained Application Protocol (CoAP)

CoAP is an application-layer protocol developed for constrained devices; it enables wireless sensor network nodes to communicate with the Internet. Data are transferred between clients and servers over the Internet using this protocol. The protocol is intended to be used between constrained nodes (low-power, lossy networks, etc.), between constrained nodes of different constrained networks, and between constrained nodes and general Internet devices. Due to its simple design, it is ideal for machine-to-machine (M2M) applications. It is possible to use CoAP with most devices that support the User Datagram Protocol (UDP). From an architectural perspective, a CoAP server will be added to end nodes (like sensors). The CoAP client should be installed on the controller, which manages several end nodes. Sensors and actuators can communicate on the Internet of Things using CoAP, which is similar to HTTP for restricted devices [11]. CoAP uses the Datagram Transport Layer Security (DTLS) protocol, which provides security assurances equivalent to TLS. There are four security modes in the DTLS binding for the CoAP protocol, ranging from no security to certificate-based security. It is up to developers to find the best balance between performance/energy constraints and security requirements. Obviously, attackers could easily compromise CoAP environments if they lacked appropriate security services [13]. The following classifications are possible based on the identification of potentially vulnerable processes in CoAP-enabled devices:
- Message parsing, where the logic behind the client and server parsers does not correctly handle incoming messages. Due to overload conditions, this vulnerability could affect CoAP node availability and even allow the attacker to remotely execute arbitrary code on the target node.
- Access control, where a proxy or cache does not properly implement access control mechanisms. By exploiting this vulnerability, CoAP messages could be compromised, resulting in a loss of confidentiality and integrity.
- Bootstrapping, where new CoAP nodes are improperly set up. A vulnerability such as this could allow unauthorized nodes to access a CoAP environment.
- Key generation, where the generation of cryptographic keys is not sufficiently robust. CoAP nodes could be compromised if these keys were used.
- Spoofing, where, in addition to spoofed response messages and acknowledgments, an attacker could perform reflection/amplification attacks by forging the IP addresses of CoAP nodes.
- Cross-protocol exchange, where an attacker sends a message to a node with a false IP address and a fake source port number; this node responds, forcing the target node to interpret the received message according to its own rules.
The CoAP protocol can be used by any IoT platform with constrained or unconstrained devices. For constrained devices, special consideration should be given to how the payload is coded in order to minimize the payload’s size and volume. An IoT device acting as a client can be used to collect data, monitor notifications and alarms, and discover and configure devices. Using an IoT device as a server, one can execute commands, query data, and control the device remotely. Using IoT devices both as clients and servers in any communication schema, including peer-to-peer networks, is possible. The CoAP protocol can be used in any application that is Web-of-Things based. The protocol is just as flexible as HTTP, but is best suited for device-to-device communication. When designed and programmed thoughtfully, it is effective for communicating with constrained devices. To ensure complete stability, CoAP uses DTLS connectors with different protection modes. A particular message format, defined in RFC 7252, is used for CoAP messages in order to protect correspondence.
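The message-parsing weakness listed above is a matter of the receiver rejecting datagrams that violate the RFC 7252 format (reserved token lengths, option fields that run past the end of the datagram, a payload marker with nothing after it) instead of reading past them. The following strict parser is an added example, not code from the paper or from any CoAP implementation; the sample datagrams are constructed for this example.

```python
"""Strict parser for the CoAP message format of RFC 7252, section 3.

Constructed example: every length field is bounds-checked against the datagram
before it is used, and each condition the RFC calls a message format error is
rejected explicitly rather than being read out of bounds or silently accepted.
"""
from dataclasses import dataclass, field

TYPES = {0: "CON", 1: "NON", 2: "ACK", 3: "RST"}
PAYLOAD_MARKER = 0xFF


class CoapFormatError(ValueError):
    """Any datagram that is not a well-formed CoAP message."""


@dataclass
class CoapMessage:
    msg_type: str
    code: str                 # "c.dd" notation, e.g. "0.01" = GET, "2.05" = Content
    message_id: int
    token: bytes
    options: list = field(default_factory=list)   # [(option number, raw value)]
    payload: bytes = b""


def _read_ext(data: bytes, pos: int, nibble: int, what: str):
    """Decode an option delta/length nibble and its 0-, 1- or 2-byte extension."""
    if nibble < 13:
        return nibble, pos
    if nibble == 13:
        if pos + 1 > len(data):
            raise CoapFormatError(f"truncated 1-byte option {what} extension")
        return 13 + data[pos], pos + 1
    if nibble == 14:
        if pos + 2 > len(data):
            raise CoapFormatError(f"truncated 2-byte option {what} extension")
        return 269 + int.from_bytes(data[pos:pos + 2], "big"), pos + 2
    # nibble 15 is only legal as part of the 0xFF payload marker, which the
    # caller has already handled, so here it is a message format error
    raise CoapFormatError(f"reserved option {what} nibble 15")


def parse_coap(data: bytes) -> CoapMessage:
    if len(data) < 4:
        raise CoapFormatError("datagram shorter than the 4-byte header")
    version, msg_type, tkl = data[0] >> 6, (data[0] >> 4) & 0x3, data[0] & 0xF
    if version != 1:
        raise CoapFormatError(f"unsupported version {version}")
    if tkl > 8:
        raise CoapFormatError(f"token length {tkl} is reserved (max 8)")
    if 4 + tkl > len(data):
        raise CoapFormatError("token runs past the end of the datagram")
    code = f"{data[1] >> 5}.{data[1] & 0x1F:02d}"
    message_id = int.from_bytes(data[2:4], "big")
    token, pos = data[4:4 + tkl], 4 + tkl

    options, number = [], 0
    while pos < len(data):
        if data[pos] == PAYLOAD_MARKER:
            pos += 1
            if pos == len(data):
                raise CoapFormatError("payload marker followed by empty payload")
            break
        delta_n, length_n = data[pos] >> 4, data[pos] & 0xF
        delta, pos = _read_ext(data, pos + 1, delta_n, "delta")
        length, pos = _read_ext(data, pos, length_n, "length")
        if pos + length > len(data):
            raise CoapFormatError("option value runs past the end of the datagram")
        number += delta                   # option numbers are delta-encoded
        options.append((number, data[pos:pos + length]))
        pos += length
    return CoapMessage(TYPES[msg_type], code, message_id, token, options, data[pos:])


def is_well_formed(data: bytes) -> bool:
    """True if parse_coap accepts the datagram, False if it is rejected."""
    try:
        parse_coap(data)
        return True
    except CoapFormatError:
        return False


# Constructed datagrams: a CON GET for Uri-Path "temp" and its 2.05 Content ACK.
GET_TEMP = b"\x42\x01\x12\x34\xab\xcd\xb4temp"
ACK_CONTENT = b"\x62\x45\x12\x34\xab\xcd\xc1\x00\xff21.5"

if __name__ == "__main__":
    print(parse_coap(GET_TEMP))
    print(parse_coap(ACK_CONTENT))
    for bad in (b"\x4a\x01\x00\x01", b"\x40\x01\x00\x01\xff", b"\x40\x01\x00\x01\xb9ab"):
        print(bad.hex(), "well-formed" if is_well_formed(bad) else "rejected")
```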
For CoAP multicast support, authentication and key management (AKM) are required [12]. DTLS is strongly recommended as a means of securing CoAP nodes. The literature has also discussed several mitigation measures for different scenarios, including access control mechanisms and secure communication mechanisms.

3.1.3. Advanced Message Queuing Protocol (AMQP)

AMQP is an OASIS open standard binary application-layer protocol for message-oriented middleware. It replaces existing proprietary messaging middleware. It offers queuing, routing, orientation, security, and reliability (SASL/TLS). Messages and communication patterns can be efficiently exchanged using AMQP. Because AMQP is a wire-level protocol rather than an API tied to a particular messaging provider or client, different implementations of the protocol are interoperable: the data format description is sent across the network as a stream of bytes. The ability of tools to manage messages confirms that data formats can be interoperable with other tools regardless of the programming language used [11]. AMQP can be used by any IoT platform for devices that are not constrained. Application programming is needed for pay-per-use devices connected to the Internet via AMQP to minimize communication costs. AMQP does not define roles for communicating devices, but it specifies messages that simplify the design of a wide variety of complex application networks. It is possible to use AMQP to support all IoT communication schemas. It might not be very efficient, however, if peer-to-peer data exchange is opportunistic. AMQP is a good choice for applications that can make use of its rich functionality. The origins of this protocol lie in distributed financial applications, and it is mostly used by business applications.
A key aspect of AMQP’s security is its support for the Simple Authentication and Security Layer (SASL) and Transport Layer Security (TLS) to ensure the integrity and confidentiality of communications. Unlike in MQTT and CoAP, these security services are generally enabled by default, thereby reducing security risks. However, the NVD database shows that a wide variety of vulnerabilities have been found in AMQP-based products and services over the past six years. These vulnerabilities affect several processes, such as access control, message and identity validation, and message queue management. Vulnerabilities such as these can be exploited to escalate privileges, reveal sensitive information, cause denial of service, bypass authentication and authorization, execute remote code, or hijack traffic. As a result of several vulnerabilities involving hostname and certificate validation, attackers can spoof identities and intercept traffic for MiTM attacks. Likewise, attackers can execute privileged commands in message queues due to the lack of access control. In addition, broker configurations pose security risks in AMQP environments. Although AMQP brokers have a web user interface, they can be challenging to set up. It is possible for serious vulnerabilities to develop as a result of incorrect choices in the configuration of message queues, exchanges, producers, and consumers. Furthermore, the user interfaces may be affected by vulnerabilities common to the web domain [12].

3.1.4. Data Distribution Service (DDS)

DDS is maintained by the Object Management Group (OMG). Despite being an open standard, some solutions in the standard are protected by US patents. The DDS communication service operates on a publish–subscribe paradigm, without a broker. By using terminal nodes, it performs its functions in a distributed manner.
DDS works by publishing data to local caches associated with subscribers, and automatically propagating that data between caches. A node can be a publisher, a subscriber, or both. A defined QoS attribute governs the data transfer process. Furthermore, DDS automates the switch between the primary and backup nodes in case of a failure of the primary node. DDS can be used on any IoT platform. Additionally, DDS supports every communication schema used in IoT systems. When it comes to data queries, however, it is not very efficient. Direct peer-to-peer communication is possible with DDS, but discovery and authentication are carried out by a known server, making this difficult to implement. A machine-to-machine communication solution needs to be reliable, perform well, provide real-time operations support, and be scalable. Among the applications that DDS is intended to support are the industrial internet, cyber-physical systems, and mission-critical systems. In terms of security, the DDS protocol offers a wide range of mechanisms. Like the other messaging protocols, DDS supports both TLS and DTLS. A set of built-in plugins is used in the newest OMG DDS security specification to ensure the confidentiality, integrity, and authenticity of the exchanges. DataWriters and DataReaders can be authenticated and authorized via plugins, thus preventing unauthorized publication and subscription. Despite this, both the specification and the plugins are vulnerable. Attackers can discover potentially sensitive reachability information by intercepting the handshake protocol used for permission attestation, and can collect information that could be used for malicious purposes by exploiting this vulnerability. Furthermore, the plugins per se do not guarantee the security of DDS environments. Two vulnerabilities were found in the Access Control plugin that could allow unintended or unauthorized participants to connect.
Additionally, not every DDS product or service is compliant with the security specifications, and even compliant implementations can be vulnerable. It has been shown that node misconfiguration can be exploited in DDS to perform malicious activities.

3.1.5. Extensible Messaging Protocol (XMPP)

XMPP is an XML communication protocol designed for message-oriented middleware that supports a broad range of applications, such as presence and instant messaging collaboration. Data are exchanged between network nodes in close to real-time using extensible and structured formats. It allows instant messaging between applications and is extensible. In this protocol, XML elements are streamed over a network in near-real-time to exchange messages and presence data. Aside from that, it supports publish–subscribe systems over TCP, including VoIP signaling, video, file transfers, and IoT applications such as social services and smart grids. A key advantage of XMPP is that it is decentralized; it does not require a central server, and anyone can run their own server. The standards are free to implement, and no royalties or permissions are required. It also provides security features such as authentication and encryption. Furthermore, it supports interoperability, and the protocol is easy to understand and implement. Using the XMPP protocol, Google Talk can be accessed by any instant messaging provider. However, the disadvantages of XMPP include the fact that it does not support Quality of Service (QoS), text-based communications induce higher network overheads, and binary data must first be encoded in base64. Additionally, clients and servers for XMPP are not officially supported [13]. In terms of security, the XMPP protocol provides robust security services through SASL authentication and TLS data encryption. Because these services are built into the core specifications of the protocol, they are enabled by default.
Despite this, the protocol is vulnerable to various types of threat due to its lack of end-to-end encryption support. An attacker could, for example, modify, delete, or replay stanzas or gain unauthorized access to a server. In addition to its security issues, XMPP-based products and services have numerous vulnerabilities. It is possible to exploit these vulnerabilities in different ways, such as making the services unavailable, obtaining sensitive information, or gaining access to XMPP servers. There are also vulnerabilities associated with custom functionalities that can be built over XMPP [14]. The XEP series of XMPP incorporates several practices designed to mitigate security threats. For instance, measures aimed at discouraging DoS attacks focus on the proper use of certificates for SASL authentication. Despite this, several XEPs contain vulnerabilities as a result of incorrect implementations of the XEPs themselves. It is possible for attackers to exploit these vulnerabilities in order to gain access to private data or to impersonate users and carry out social engineering attacks.

3.2. Service Discovery Protocols

There are several Service Discovery Protocols (SDPs) for IoT environments that help clients find services available on the network. In this section, we introduce the most commonly used SD protocols, namely mDNS and SSDP.

3.2.1. Multicast Domain Name System (mDNS)

This open protocol, based on the Internet Protocol (IP) and the User Datagram Protocol (UDP), is defined by the Internet Engineering Task Force (IETF). An mDNS client can discover an endpoint’s IP address by resolving its hostname. mDNS clients send IP multicast query messages over the network. This message asks the host with that name to reply and identify itself. Once it receives the message, the host replies with a multicast message that contains its IP address. That multicast message updates the mDNS caches of all nodes in the network receiving it.
A combination of this protocol with DNS-based Service Discovery (DNS-SD) enables environments to seamlessly integrate new devices and perform DNS-like functions without the need for conventional DNS servers. A major advantage of mDNS is the fact that it is designed for small networks and is intended to make them more user-friendly. The idea is to make it possible for users to connect devices to a LAN without any problems. IP addresses allow all devices to communicate with one another, so there is no need to establish a server or directory. By doing so, additional devices can be added quickly and dynamically. The disadvantages are as follows: the multicast process itself, although the protocol tries to keep network traffic low, requires constant monitoring of the network by the computers involved, and the allocation of host names is also problematic. Security-wise, mDNS does not include any built-in security features, unlike the messaging protocols. Therefore, mDNS environments are vulnerable to security attacks, similar to DNS. DNSSEC and DNS over TLS are recent attempts to enhance DNS security, but they are generally too complex for self-configuring networked environments. The potential security threats of mDNS include denial of service attacks, where attackers flood nodes with messages exploiting specific characteristics of the protocol; if these messages invalidate cache entries or block probing, nodes could become unresponsive or unavailable. Another threat involves spoofing mDNS response messages and advertising fake services, which are frequently exploited for further attacks against unaware targets. Using mDNS-enabled nodes, attackers can abuse services for various purposes, such as DDoS attacks and sensitive data collection. Additionally, the multicast nature of the communications and the lack of encryption mechanisms might result in security and privacy issues that are often undetected.
Personal information, as well as sensitive information about the nodes of the network and the services provided, is frequently disclosed in messages. As already mentioned, mDNS does not include any security features. Because the protocol is susceptible to a variety of threats, it is of paramount importance to develop effective mitigation measures. Solutions may be provided by simple measures offered by operating systems or by sophisticated solutions based on the mDNS protocol. Specific measures, mainly aimed at mitigating DDoS attacks, could include the following: reducing the attack surface by disabling mDNS services whenever they are not needed, and blocking traffic from/to outside the local link by disabling mDNS UDP port 5353.

3.2.2. Simple Service Discovery Protocol (SSDP)

The SSDP protocol is based on IP, UDP, and SOAP. When an SSDP client searches for SSDP services, it multicasts a discovery request to the SSDP multicast channel and port. An SSDP service listens on that channel until a discovery request matches the service it provides, and then responds by unicast. Plug-and-play devices can be transparently configured using this protocol as part of the Universal Plug-and-Play (UPnP) architecture. Security-wise, SSDP is very weak, similar to mDNS, because no built-in mechanism is provided. SSDP-enabled devices are therefore subject to a variety of security risks. In general, these risks exploit the multicast nature of service discovery. Amplification/Reflection Distributed Denial of Service attacks are a major threat to SSDP nodes, as they render devices unresponsive and services unavailable. In addition to exploiting the characteristics of UDP and SSDP, these attacks also take advantage of device misconfigurations. With a spoofed IP address, an attacker could send an M-SEARCH message to the target node. As a result of such attacks, a set of vulnerable SSDP devices will flood the node targeted by the attack with high-amplification response messages.
Passive attacks by eavesdropping on multicast messages exchanged as plaintext over the network represent another security threat affecting SSDP-enabled nodes. This threat could allow access to sensitive information without any warning, resulting in serious privacy and confidentiality concerns. The following security issues can also be exploited with SSDP-enabled nodes: poisoning attacks, which use NOTIFY request messages to advertise fake services. It is common for these services to be exploited for further attacks against unaware systems. Additionally, attackers exploit vulnerabilities in misconfigured devices to gain access to internal network resources or use them to conduct further malicious activities through device reconfiguration. SSDP-enabled nodes are exposed to threats and attacks due to the lack of built-in security services; it is, therefore, necessary to seek appropriate countermeasures, and it is particularly important to consider SSDP's peculiarities. This type of incoming traffic might need to be blocked as a mitigation measure against conventional DDoS attacks, since open SSDP is already known to be vulnerable. These measures, however, are not effective for mitigating DDoS attacks targeting SSDP nodes that use random ports. It is important to disable SSDP services on individual nodes whenever they are not needed, since they are often enabled by default. Because this type of message is used abnormally, unicast M-SEARCH request messages should also be handled carefully. Additionally, it is important to note that encryption mechanisms that ensure the authenticity and confidentiality of the exchanges and prevent possible abuse of the content must be implemented at the level of the SSDP services, not at the protocol level itself.

4. Research Methodology

To conduct this study, we followed PRISMA as it progressed through four stages.
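As an added illustration of the mitigation measures listed for mDNS (Section 3.2.1) and SSDP (Section 3.2.2), the following Python script is example code written for this review, not taken from any cited work or vendor product. It applies the "local link only" rule to service-discovery datagrams (UDP ports 5353 and 1900 from an off-link source are dropped), flags unicast M-SEARCH requests and ssdp:alive NOTIFY advertisements whose LOCATION points off-link, and counts M-SEARCH requests per source as a simple flood check. It generalizes slightly beyond the text by treating both protocols under one policy. The 192.168.1.0/24 link, all addresses (off-link sources use the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges), and the sample messages are constructed.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

MDNS_PORT = 5353
SSDP_PORT = 1900
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")


@dataclass(frozen=True)
class Datagram:
    src: str        # source IP address
    dst: str        # destination IP address (unicast host or multicast group)
    dport: int      # UDP destination port
    payload: bytes  # raw UDP payload


def parse_ssdp(payload: bytes):
    """Parse an HTTPU (SSDP) message into (method, headers); (None, {}) if malformed."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None, {}
    lines = text.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None, {}
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return parts[0], headers


def decide(d: Datagram, local_link: str):
    """Classify one datagram as ('allow' | 'drop' | 'alert', reason).

    local_link is the CIDR of the link this node sits on. mDNS and SSDP are
    link-scoped, so anything arriving from outside it is dropped (the
    'block traffic from/to outside the local link' measure).
    """
    link = ipaddress.ip_network(local_link)
    src = ipaddress.ip_address(d.src)
    dst = ipaddress.ip_address(d.dst)
    if d.dport not in (MDNS_PORT, SSDP_PORT):
        return "allow", "not service-discovery traffic"
    if src not in link:
        return "drop", f"port {d.dport} datagram from off-link source {d.src}"
    if d.dport == MDNS_PORT:
        return "allow", "mDNS from the local link"
    method, headers = parse_ssdp(d.payload)
    if method == "M-SEARCH" and dst != SSDP_GROUP:
        # Discovery is normally multicast; a unicast M-SEARCH aimed at one
        # node is the abnormal use the text says to handle carefully.
        return "alert", f"unicast M-SEARCH from {d.src} to {d.dst}"
    if method == "NOTIFY" and headers.get("NTS") == "ssdp:alive":
        # Poisoning check: an alive advertisement whose LOCATION is off-link.
        host = urlsplit(headers.get("LOCATION", "")).hostname
        try:
            if host is not None and ipaddress.ip_address(host) not in link:
                return "alert", f"NOTIFY advertises off-link LOCATION {host}"
        except ValueError:  # LOCATION carries a hostname, not a literal address
            pass
    return "allow", "SSDP from the local link"


def msearch_flood_sources(datagrams, threshold: int):
    """Sources that sent at least `threshold` M-SEARCH requests in the batch."""
    counts = Counter(
        d.src for d in datagrams
        if d.dport == SSDP_PORT and parse_ssdp(d.payload)[0] == "M-SEARCH"
    )
    return sorted(src for src, n in counts.items() if n >= threshold)


# Constructed sample traffic (not captured from a real network).
MSEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
           b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')
NOTIFY_OFFLINK = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                  b"NTS: ssdp:alive\r\nNT: upnp:rootdevice\r\n"
                  b"LOCATION: http://198.51.100.7/device.xml\r\n\r\n")
LOCAL_LINK = "192.168.1.0/24"
SAMPLE = [
    Datagram("192.168.1.20", "224.0.0.251", MDNS_PORT, b""),
    Datagram("203.0.113.9", "192.168.1.20", MDNS_PORT, b""),
    Datagram("192.168.1.30", "239.255.255.250", SSDP_PORT, MSEARCH),
    Datagram("192.168.1.30", "192.168.1.50", SSDP_PORT, MSEARCH),
    Datagram("192.168.1.40", "239.255.255.250", SSDP_PORT, NOTIFY_OFFLINK),
    Datagram("198.51.100.7", "192.168.1.50", SSDP_PORT, MSEARCH),
]


def audit(datagrams=SAMPLE, local_link=LOCAL_LINK):
    """Return [(src, verdict, reason), ...] for a batch of datagrams."""
    return [(d.src,) + decide(d, local_link) for d in datagrams]


if __name__ == "__main__":
    for src, verdict, reason in audit():
        print(f"{verdict:5s} {src:15s} {reason}")
    print("M-SEARCH flood sources:", msearch_flood_sources(SAMPLE, 2))
```

The off-link drop is applied before any parsing, so a flood of malformed datagrams from outside the link never reaches the parser; the flood counter deliberately counts dropped datagrams too, since a reflection attempt is worth alerting on even when it is blocked.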
For the identification stage, we searched the Saudi Digital Library database and the Google Scholar database for papers describing cybersecurity threats and IoT, and for papers published between January 2016 and April 2022. Among the exclusion criteria were papers not written in English, papers not directly related to cybersecurity threats on IoT, and papers not available online. The source types were academic journals or conference papers. At the identification stage, 8695 papers were identified; after removing duplicates, 6560 papers remained. Out of 250 papers screened for title and abstract, 150 were excluded for not fitting the criteria closely at the screening stage. At the eligibility stage, 100 studies were eligible to move on to the final stage. A total of 100 articles were included in the inclusion stage; of these, 65 were eliminated, leaving 35 for further review. Figure 4 illustrates the selection of previous studies. Table 3 lists the publication years of the selected papers from 2016 to 2022, and as shown in Figure 5, most of the selected papers were published in 2021.

5. Existing Work

In this section, several research studies are reviewed that are related to cybersecurity threats associated with IoT technology.

5.1. Threats in IoT

Choudhary et al. [2] explored threats, vulnerabilities and challenges posed by IoT technology. Then, the paper suggested several security controls that would protect against each vulnerability. Patel [15] discussed IoT architecture, threats in IoT devices, and solutions for each layer in the IoT architecture. The purpose of this paper was to define the architecture of the IoT devices, to categorize threats in the four-layer architecture, and to implement security techniques at each layer. Dange et al. [16] analyzed the recent major attacks targeting IoT systems, as well as a list of possible attacks targeting IoT systems at the physical and network layers.
The evolution of the IoT botnet is discussed, along with its architecture, lifecycle, and comparison with traditional botnets. A case study of the Mirai botnet is presented. Additionally, tools and techniques that can be used to detect botnets are discussed. In addition, they considered the importance of preventing IoT botnet proliferation. The paper aimed to enhance the security of these devices by studying recent attacks on IoT systems. More attention was paid to the IoT botnet, which has become a major threat. Hasan Ali et al. [17] examined an evolution sparse convolution network (ESCNN) for intrusion and threat activities on the Internet of Things (IoT). The study's primary aim was to reliably detect threats and intrusions from data traffic presented on the network and on the host. Study limitations included fast computation, high reliability, and a reduced complexity of computation. Future work using big data approaches and deep learning CNN architecture models will improve the effectiveness of the system using a metaheuristic optimizer to estimate the global solution to attack prediction. The paper's major contributions are as follows: in the IoT paradigm, threats and attacks have posed significant security and privacy concerns; furthermore, training patterns are used in the network to classify standard and threat traffic. Aamer [18] analyzed security threats related to IoT, and a three-dimensional security model for IoT was proposed. Additionally, each layer's safety-critical technologies were presented in the full model. The Internet has many security issues, as a large-scale integrated system with multiple layers.
The purpose of this paper is to analyze the security situation of IoT based on real-life attack cases, analyze the security threats from the perspective of physical security, computing security, and data security, and lay out the technologies that should be prioritized in the security of IoT. A generic IoT architecture was discussed and presented in Gerodimos et al. [19], as well as communication protocols. They also discussed current security threats in IoT. Moreover, they examined current challenges and offered effective solutions. The purpose of this study was to review IoT fundamentals from a general standpoint by addressing issues such as standardization, security and use cases. Pahlevanzadeh et al. [5] presented a four-layered IoT security framework. Additionally, threats and vulnerabilities identified and analyzed for each IoT layer were discussed, along with security solutions and considerations that could improve security services. Having a secure system requires enhancing the basic security principles in network implementation, including making the network as safe and secure as possible, creating scalable protection, and ensuring data privacy. This study aimed to gain a deeper understanding of the emerging IoT security threats and appropriate approaches to protecting against them by studying the challenges and solutions associated with IoT security. The researchers pointed out that future research needs to pay attention to intelligence, active defense systems, resource conservation capabilities, comprehensive prevention, improved information security, ongoing technological research, and ensuring IoT control capabilities. Tsiknas et al. [20] provided a review of the literature on surveys of the threats associated with industrial IoT systems. It also provided a comprehensive analysis of the most popular methods of attacking industrial applications. It outlined the major security risks and suggested possible countermeasures.
The study began with an examination of related studies. A description of the key risks affecting industrial IoT, how they operate, and the effective solutions being offered in the most recent literature was then provided. Lastly, they summarized their findings. As part of the study, a detailed description of industrial IoT attacks and their associated vulnerabilities is provided, as well as a detailed analysis of indicative solutions against these vulnerabilities, which have been proposed in recently published literature. This study provides researchers, and organizations working with industrial IoT technologies in general, with a comprehensive study of threats related to cyber-attacks on industrial equipment. Ahmad et al. [21] elaborated on the different types of security attacks in relation to the different layers of IoT, including physical attacks, software attacks, network attacks, and encryption attacks. There was also a presentation of some IoT applications such as Smart Homes, Smart Cities, Smart Grids, Health Sector, and Security & Emergencies. Researchers and manufacturers will be able to use the results of this study to evaluate and decrease the attack range on IoT devices. The paper’s main contribution is examining a few different security issues associated with various IoT layer infrastructures. The study is designed to provide information to IoT researchers and manufacturers to help them improve the security of future devices. Ahlawat et al. [22] presented the architecture or model of IoT, as well as the challenges encountered by researchers like data mining problems and privacy issues. The study aimed to describe the architecture or model of the Internet of Things and the challenges faced by researchers, such as data mining challenges and privacy concerns. Furthermore, various security attacks have been described at various levels, including the perception, transportation, and application layers. 
A comparison of various security models and the techniques used was also presented. Several security issues were presented at the application layer, including data theft, service interruption, sniffing, access control, reprogramming, and malicious code injection attacks. Additionally, the paper presented four major IoT challenges, namely data management, privacy, security, and chaos. Wheelus et al. [23] considered the security risks related to IoT systems, and they proposed a machine-learning-based approach to categorize and detect IoT attacks. The study had two essential goals: first, to provide practical insights into IoT network threats and risks, so researchers and practitioners could understand the commonalities and differences between IoT network security and general network security; second, to create a data-driven reference framework as a mechanism for detecting attacks and security breaches in real-world IoT systems. As a platform, they used a real-world IoT system with secured gate access, and introduced the IoT system in detail, including features for capturing cybersecurity threats/attacks. They analyzed data collected over a nine-month period to evaluate the effectiveness of predictive models trained through machine learning and proposed design principles and a loose framework for implementing secure IoT systems. They analyzed IoT system and network characteristics as well as IoT threats and risks. Ben-Eid [24] introduced two basic IoT architectures, namely the three-layer architecture and the five-layer architecture, since these are the most recommended. The three-layer architecture includes the perception layer, the network layer, and the application layer. The five-layer IoT architecture includes the sensing (perception) layer, the network (communication) layer, the middleware layer, the application layer, and the business layer.
The paper then outlined some of the features of the IoT, including intelligence, connectivity, its dynamic nature, sensing, heterogeneity, and security. Afterward, they listed reasons that IoT technology is vulnerable to specific kinds of security threats (attacks) and categorized them according to severity. Additionally, in this study, various possible threats were discussed for each of the layers of the IoT system. Kabulov et al. [25] discussed the security issues as well as operational requirements for the IoT automation system, including interoperable devices and systems, real-time operations, and engineering simplicity. Additionally, the study provided a layer-by-layer overview of potential security threats in industrial IoT and possible mitigations. The paper was organized into the following sections: sensors, actuators, gateways and networking, data processing, and application layers. An important contribution of the study was a layered analysis of the security issues surrounding IoT automation, as well as a detailed development solution for mitigation measures. Haque et al. [26] discussed IoT architecture layer interpretations, the interplay of IoT elements, and IoT applications. The paper also critically analyzed recent literature on IoT security and privacy issues. IoT cybersecurity situations are presented in this paper in a state-of-the-art overview. Furthermore, a recent literature review revealed future research areas to address for this technology to reach its peak. As mentioned throughout the paper, an IoT system with limited resources presents many technological challenges. Additionally, as new technological innovations emerge, there will be challenges that need to be addressed. In the paper, some of the recommendations are mentioned, while others will be implemented in the future.
Dhirani et al. [27] highlighted the cybersecurity challenges for IIoT/I4.0 and the risks to which the technology is vulnerable regardless of the cybersecurity standards and security protocols implemented. It also explained how to align different security and communication standards. Additionally, a review was provided of the authors' previous research published in journals, conferences, and white papers relevant to the topic. The report also examined IT/OT convergence issues in detail. Svotwa [28] examined IoT security and privacy concerns. It also discussed how insecure software impacts the IoT. In this study, the researchers assessed the security implications of IoT from both consumer and organizational perspectives and discussed possible solutions to these security issues. Data leaks that affect consumer privacy, default passwords left unchanged by the consumer, and slow patches released by software developers are some of these security concerns. They mentioned that these security concerns can be addressed by establishing standards that describe which level of security, and which conditions, can be considered acceptable, by defining a framework for identifying defects, and by training developers on how to consider security during development. Kozlov et al. [29] discussed IoT architectures, particularly from the perspective of security, privacy, and trust. The purpose of the paper was to examine the security, privacy, and trust implications of IoT infrastructure built from the bottom up and the top down. An additional consideration is the relationship between energy consumption and SPT and IoT architecture. They started by proposing a layered architecture. Following that, they analyzed the threat at different levels of security and privacy. They also examined the latest EU legislation pertaining to privacy and security. Among the findings of this analysis is the fact that managing IoT architectures requires an understanding of the domains of management.
Who controls which aspects at what level? Regulations imposed by the EU would require, for example, an individual to have control over data about them at all levels of the architecture, particularly if they receive the data. A special focus was given to IoT architecture issues, as well as security, privacy, and trust, which people would attach to IoT architectures. The SWT program was discussed, as well. The paper reflects the overall architecture and threat analysis, including the EU's efforts to curb IoT threats. Cvitić et al. [30] examined IoT security as it relates to cloud computing, computer networks and AIDC technologies as part of the IoT architecture. During this research, the collected data were analyzed, and new findings and risk classifications were presented. These findings provided a research direction for further studies on the safety-critical layers of IoT architecture. Due to the lack of precise data, each layer's risk classification is limited to a qualitative assessment. While the risk assessment can be affected by a variety of factors, classification of risk is primarily based on the growth of IoT applications in various environments during 2013 and 2014. The study examined the problem from the perspective of a fundamental protection component of all information and communication environments: security risk. According to the results of the research, a classification of security risks of architecture layers is proposed, as well as a classification by type of usage of IoT. Cunningham et al. [31] examined the history and evolution of IoT devices through the review of related papers, then analyzed IoT devices and how they work. The paper also identified pros and cons of IoT devices. Then, it reviewed security and privacy concerns related to IoT. It also looked at threats and attacks against IoT devices.
The article examines how smart homes can be used, and the evolution of the IoT, as well as the challenges they face and their prospects. The paper contributes to gaining insight into how dangerous and vulnerable IoT devices in the home can be, but also presents many positive aspects of a smart home, such as better security. Ikrissi et al. [32] investigated IoT security challenges and threats from multiple perspectives by reviewing related studies. In the study, different security issues were evaluated in the physical, network, platform, and application layers of the IoT architectural framework. The physical layer is the lowest level of the architecture. This layer contains a variety of devices, including actuators and sensors, that gather data and transmit it to the architecture's upper layer. Examples of threats here include malicious code injection attacks and eavesdropping attacks. The network layer is composed of basic networks such as communications networks, the Internet, and wireless sensor networks. This layer is vulnerable to routing, sniffing, and traffic analysis attacks. Between the application layer and the network layer, the platform layer serves as an intermediary layer. The platform layer is vulnerable to cloud malware injections, SQL injections, storage attacks, and side-channel attacks. The application layer, on the other hand, provides users with intelligent, smart applications and services that meet their individual needs. In this layer, security issues are specific to a variety of applications: they may relate to privacy violations, data theft, etc. Abdalla et al. [33] discussed the most critical IoT security threats and proposed a new method of classifying them using the AHP approach. The researchers found that DoS/DDoS attacks can be very severe for IoT services, especially if they target smart hospitals, smart vehicles, and security alarm systems.
The IoT network can also be vulnerable to malware spreading very rapidly and compromising confidentiality and integrity. As a result of the experiment, different security countermeasures and resources should be available to IoT environments depending on the IoT context and users. Krishna et al. [34] discussed a comprehensive taxonomy of security and threats in the context of IoT. As well as detailed findings, presumptions, and outcomes of the challenges presented, they provide information on how IoT developers can better address risks and security flaws. In addition to the existing three-layer IoT architecture, five-layer and seven-layer models are presented. The threat and attack scenarios related to these three architectures, as well as the standards and protocols, are discussed. Additionally, a comprehensive discussion is presented of the impact of threats and attacks, and how to identify them, mitigate them, and prevent them. A recent case study presented by Shaikh et al. [35] demonstrated that Generative Adversarial Networks (GANs) can be effectively used to identify malicious IoT devices inside and outside networks to detect anomalous behavior. Loukas et al. [36] presented a Smart Home Behavior and Attitude Risk Model (SH-BARM), which is, to their knowledge, the first risk assessment model that focuses on the habits and attitudes of homeowners. In addition to their novel methodology for assessing smart home risks, they provide results that can be used to reduce smart home risks and build awareness of them through an interconnected approach. In addition to their model, they presented a framework for assessing risks within which their model can be applied, along with a small-scale case study on the findings. To evaluate risky WFH-RO networks in the home, this model identifies the human elements that can increase or decrease maximum expected loss.
In an organization with remote workers, this model can be used to discover how to decrease risk while in a decentralized state, with the potential to be incorporated into risk management plans. In a time when many workers work from home, this model can help them determine how much risk they are exposed to based on their decisions. To close this gap, they attempt to standardize the way in which risk is assessed within the home, focusing on human factors that can affect this risk. Yoshioka et al. [37] examined the increasing threats to IoT devices. The authors show that Telnet-based attacks on IoT devices have risen dramatically since 2014. Moreover, at least five DDoS malware families attack IoT devices according to the paper. They also identified at least eight types of botnet architectures, including worm-type botnets, when analyzing the architectures of IoT botnets. Harbers et al. [38] addressed SPS threats by presenting a framework for addressing technological and non-technological challenges and obstacles. To minimize SPS threats, the framework advocates adopting SPS by design, and identifies four things that prevent this from happening: (1) IoT complexity, (2) lack of awareness, (3) lack of incentives, and (4) lack of monitoring and enforcement. In this contribution, non-technological challenges and measures are addressed at the levels of policymaking, governance, and strategy. The proposed framework was designed to help policymakers make decisions that will positively influence others (such as service providers, manufacturers, and consumers) to develop, deploy, and use IoT systems in a secure, privacy-friendly, and safe manner. This study concludes that there is no one-size-fits-all solution to address SPS threats. Instead, multiple measures are needed to achieve an IoT that is SPS-friendly. Anjum et al. [39] provided a thorough overview of IoT security threats and attacks. The paper includes existing security measures and analysis.
This paper analyzed threats to security in the IoT. IoT applications and challenges are discussed, including botnets, denial-of-service attacks, man-in-the-middle attacks, identity theft, ransomware, and remote recording. In addition, the report provided gaps and opportunities as well as future predictions. Haque et al. [40] provided a detailed discussion of the integration of blockchain technology with IoT. This paper presented a comprehensive analysis of how IoT can be integrated with blockchain after highlighting the foundations of IoT. The purpose of this paper was to examine the possible privacy and protection threats associated with IoT component activity and how this relates to distributed ledger-based blockchains (DL-BCs). The study examined blockchain implementations in several different sectors and categories. IoT-specific challenges and blockchain technology are also discussed in this paper. Alevizopoulou et al. [41] reviewed existing classification models used to classify vulnerabilities, as well as existing monitoring systems for Twitter. They then describe the data preprocessing phase and present the creation of training, evaluation, and testing datasets for evaluating different classification methods. With thousands of CVEs extracted from the NVD database, they created a large dataset (covering the period 2002–2019). They filtered the CVEs, since they wanted to develop a classifier for detecting IoT vulnerabilities. For the filtering mechanism, they took into account the fact that when a CVE has at least one hardware CPE descriptor, these records will be defined as IoT vulnerabilities, because the CVE is a component of the perception or network layer of an IoT device. Apart from those CVEs related to IoT device vulnerabilities, the remaining CVEs, whose CPE descriptors were application- or software-related, were disregarded. Only 9,941 of the 140,380 CVE records are related to hardware.
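To make the "at least one hardware CPE descriptor" rule concrete, the following Python example is added here for this review; it is not the code of Alevizopoulou et al., whose record format is not given in the text. It classifies NVD-style records by the part field of their CPE 2.3 formatted strings, where h denotes hardware, o an operating system and a an application, and it tolerates the escaped colons that CPE values may contain. The record shape (a CVE identifier with a list of CPE strings) is simplified, and all identifiers and product names are constructed placeholders.

```python
import re

# A CPE 2.3 formatted string has 13 colon-separated fields:
# cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other
# 'part' is h (hardware), o (operating system) or a (application).
CPE_FIELDS = 13
HARDWARE = "h"
# A literal ':' inside a value is escaped as '\:', so split only on unescaped colons.
_UNESCAPED_COLON = re.compile(r"(?<!\\):")


def cpe_part(cpe: str) -> str:
    """Return the part field ('h', 'o' or 'a') of a CPE 2.3 formatted string."""
    fields = _UNESCAPED_COLON.split(cpe)
    if len(fields) != CPE_FIELDS or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    if fields[2] not in ("h", "o", "a"):
        raise ValueError(f"unknown CPE part {fields[2]!r} in {cpe!r}")
    return fields[2]


def is_cpe23(cpe: str) -> bool:
    """True if the string is a well-formed CPE 2.3 formatted string."""
    try:
        cpe_part(cpe)
        return True
    except ValueError:
        return False


def is_iot_vulnerability(record: dict) -> bool:
    """The filter from the text: keep a CVE if any of its CPEs is hardware."""
    return any(cpe_part(c) == HARDWARE for c in record["cpes"])


def split_records(records):
    """Partition records into (iot, disregarded), preserving order."""
    iot, other = [], []
    for r in records:
        (iot if is_iot_vulnerability(r) else other).append(r)
    return iot, other


# Constructed records: CVE identifiers, vendors and products are placeholders.
RECORDS = [
    {"id": "CVE-0000-0001", "cpes": [
        "cpe:2.3:h:examplevendor:ip_camera:-:*:*:*:*:*:*:*",
        "cpe:2.3:o:examplevendor:ip_camera_firmware:1.0:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0002", "cpes": [
        "cpe:2.3:a:examplevendor:web_portal:3.2:*:*:*:*:*:*:*"]},
    # Firmware-only record: the rule as stated keys on 'h', so this is disregarded.
    {"id": "CVE-0000-0003", "cpes": [
        "cpe:2.3:o:examplevendor:router_firmware:2.4.1:*:*:*:*:*:*:*"]},
    # Product value containing an escaped colon.
    {"id": "CVE-0000-0004", "cpes": [
        "cpe:2.3:a:examplevendor:web_app\\:admin:2.1:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0005", "cpes": [
        "cpe:2.3:h:examplevendor:plc_module:-:*:*:*:*:*:*:*",
        "cpe:2.3:a:examplevendor:plc_console:5.0:*:*:*:*:*:*:*"]},
]


def iot_ids(records=RECORDS):
    """Identifiers of the records the hardware-CPE filter keeps."""
    return [r["id"] for r in split_records(records)[0]]


if __name__ == "__main__":
    kept, dropped = split_records(RECORDS)
    print(f"kept {len(kept)} of {len(RECORDS)} records as IoT:", iot_ids())
```

The firmware-only record shows the edge the rule leaves open: a device vulnerability recorded only under an o-part CPE is disregarded, which is worth keeping in mind when interpreting the 9,941 hardware-related records the authors report.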
The ML algorithms were also evaluated to determine which classification model was best suited to their set-up, and a classification model was then used as the basis of the monitoring system. Schiller et al. [42] explored the characteristics of IoT devices, clearly indicating that traditional security measures cannot be applied one-to-one to these devices because of features like usability, limited resources, ubiquity, and short time to market. Security in the IoT domain requires special models and products. To reduce the number of attack vectors adversaries are likely to use to target IoT devices, manufacturers can use the compiled list of IoT security objectives and the developed threat taxonomy to specify, design, and implement secure devices. On the market, there exist several promising technologies and products that can secure the use of IoT technology. To complement these products, institutions and working groups pool their knowledge and efforts to develop guidelines that will allow manufacturers to design secure IoT devices in the first place. Nonetheless, there is room for more security products and services as the market's growth trajectory demands. Consequently, the security landscape of IoT is currently on the rise and moving in the right direction. Borcherding et al. [43] discussed various types of IoT threats, as well as intrusion detection systems (IDS) for the IoT environment based on shallow learning (decision trees, random forests, and support vector machines) and deep learning (deep neural networks, deep belief networks, long short-term memory, and bidirectional LSTM) [44]. Abbas et al. [45] proposed a threat-modeling approach to mitigate IoT device threats during the initial design phase. Two significant IoT use-cases, namely smart AVS and smart home, were considered as proofs of concept for the proposed threat-modeling approach. They described the applications of smart connected devices in daily life using different zones.
To identify the threats in the system, they adopted STRIDE, a threat-modeling approach that uses all the system's component details. First, they performed a use-case reconnaissance to collect detailed information on each stakeholder in both use-cases. In a threat-modeling tool, they designed a DFD based on the information they collected. In addition, the DFDs of both use cases were subjected to the STRIDE threat-modeling approach to identify the potential threats in the underlying IoT devices. As a result of their investigation, they determined which of the identified threats could be leveraged to perform phishing attacks. Furthermore, this study provided threat-mitigation techniques that can be used to protect the IoT against phishing attacks in both systems. Prakash et al. [46] identified some issues related to Internet of Things security such as data integrity, encryption and decryption capabilities, privacy issues, common frameworks, automation, and updating. Following that, the study outlined some IoT networks that have been proposed by many researchers. An IoT security model was proposed by the author, which includes six main layers: coding, perception, network, middleware, application, and business. There are a variety of communication protocols, standards, and components that make up an IoT security architecture. Podder et al. [47] analyzed the current state of security in IoT, and security threats relating to IoT were discussed in their study. They describe the applications of IoT in industrial and medical service scenarios and discuss the security threats associated with IoT healthcare architectures at various layers. In addition, different types of malware are discussed in relation to IoT, including spyware, viruses, worms, keyloggers, and trojan horses. Furthermore, some of the recent malware attacks, such as Mirai, Echobot and Reaper, are discussed. The paper analyzes existing security issues and open challenges.
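As an added example of the DFD-plus-STRIDE step that Abbas et al. [45] describe (this is illustrative code written for this review, not their tool, DFD or results), the following Python code enumerates STRIDE threats for a small constructed smart-home DFD and prioritises the data flows that cross a trust zone, mirroring the zones the authors use. The element-to-category mapping is assumed from the commonly used STRIDE-per-element table (external entities get S and R; processes get all six; data flows get T, I and D; data stores get T, I and D, plus R when the store is an audit log); the element names, zones and flows are constructed.

```python
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element: which categories apply to each DFD element kind.
# Assumed from the standard STRIDE-per-element table; a log-type store gets
# Repudiation as well because it is the audit evidence.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",
    "log_store": "TRID",
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # one of the APPLICABLE keys other than data_flow
    zone: str   # trust zone the element lives in


@dataclass(frozen=True)
class Flow:
    name: str
    src: str    # Element.name
    dst: str    # Element.name


@dataclass
class DFD:
    elements: list
    flows: list

    def element(self, name: str) -> Element:
        return next(e for e in self.elements if e.name == name)


def enumerate_threats(dfd: DFD):
    """Return [(target name, STRIDE letter), ...] for every element and flow."""
    threats = []
    for e in dfd.elements:
        threats += [(e.name, c) for c in APPLICABLE[e.kind]]
    for f in dfd.flows:
        threats += [(f.name, c) for c in APPLICABLE["data_flow"]]
    return threats


def boundary_crossing_flows(dfd: DFD):
    """Names of flows whose endpoints sit in different zones (trust boundary)."""
    return [f.name for f in dfd.flows
            if dfd.element(f.src).zone != dfd.element(f.dst).zone]


def prioritised(dfd: DFD):
    """Threats on boundary-crossing flows first, the rest afterwards."""
    crossing = set(boundary_crossing_flows(dfd))
    threats = enumerate_threats(dfd)
    return ([t for t in threats if t[0] in crossing]
            + [t for t in threats if t[0] not in crossing])


# Constructed smart-home DFD: a resident's phone app talks to a cloud API,
# which commands a door-lock controller that writes an event log at home.
SMART_HOME = DFD(
    elements=[
        Element("resident_app", "external_entity", "internet"),
        Element("cloud_api", "process", "cloud"),
        Element("lock_controller", "process", "home"),
        Element("event_log", "log_store", "home"),
    ],
    flows=[
        Flow("app_to_cloud", "resident_app", "cloud_api"),
        Flow("cloud_to_lock", "cloud_api", "lock_controller"),
        Flow("lock_to_log", "lock_controller", "event_log"),
    ],
)

if __name__ == "__main__":
    for target, c in prioritised(SMART_HOME):
        print(f"{target:16s} {c}  {STRIDE[c]}")
```

Each (target, letter) pair is one row to be justified or dismissed in the threat-modeling session; the zone test is what turns a flat element list into the zoned view the authors describe, since flows that cross zones are where mitigations such as authentication of the peer are normally required.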
Based on the reviewed studies, Table 4 presents the key findings in terms of threats addressed in IoT environments, advantages, and limitations of each study. Every IoT architecture layer has its own set of security and infrastructure challenges that should be considered during the IoT creation and development process. As a result of analyzing the studies, Table 5 summarizes and classifies IoT threats based on three layers of its architecture, which are the physical layer, network layer and application layer.

5.2. Countermeasures and Mitigation Techniques for IoT Threats

Choudhary et al. [2] discussed several IoT security tools in order to assist organizations in limiting the vulnerabilities associated with IoT, thus protecting devices and networks from various types of cyberattacks. The purpose of the paper was to improve the security of IoT devices by spreading awareness. They also found that, given the wide scope of IoT, there is no single solution that defines security for IoT. In addition, they suggested that designers of IoT devices determine what security requirements apply to their products, considering the design objectives, deployment environments, and regulatory requirements. Keeping such devices secure for longer periods of time also requires timely updates and security patches. IoT devices can contribute to the development of society if they are developed responsibly. Patel [15] suggested some countermeasures in each layer of the IoT architecture:
Sensing Layer: authenticity and data privacy.
Network Layer: authenticity, routing security and data privacy.
Middleware Layer: confidentiality and data storage.
Application Layer: authenticity, intrusion detection and data security.
The researcher discovered that, to ensure the security and privacy of IoT devices, they should comply with the CIA triad, comprising confidentiality, integrity, and availability. Each of these is critical to the security of the devices. Dange [16] suggested that a different mechanism is required to deal with IoT botnets. Prevention represents the best long-term solution, and the network-based approach is the most efficient method. It would be helpful to develop a new hybrid approach that uses network-based botnet detection to identify IoT botnets specifically, so as to protect the IoT network from IoT botnet attacks. Hasan Ali et al. [17] presented an intrusion detection system based on the DDoS Evaluation Dataset. The collected data are divided into training, testing, and validation sets. Attack detection accuracy is improved by training the data with multiple layers of long short-term memory (LSTM) networks. Based on the features extracted from the tested data and the training data, a sparse matrix is constructed. Thus, the overall accuracy of attack detection is improved, while the number of false alarms decreases. The MATLAB implementation of the system achieved a 98.98% detection rate, 99.29% accuracy, and a 90.26% performance ratio, with a minimum computation complexity of 90.26%. Aamer [18] presented technological solutions for improving IoT security, including key security technologies for the perception layer, network-layer technological solutions, and application-layer technological solutions. Gerodimos [19] suggested that governments and engineers should collaborate to overcome the challenges of applying Internet of Things networks to traditional networks to make the phrase credible. Pahlevanzadeh et al. [5] described standardized global security mechanisms, effective and efficient lightweight encryption techniques, and considerations for the future of IoT security. Tsiknas et al. [20] provided the latest countermeasures for protecting the IIoT through a benchmarking and critical analysis framework. Among IIoT surveys, this one is unique in that it provides a complete, up-to-date, and validated reference framework for identifying and assessing the risk associated with an ever-evolving industrial environment. Irfan Ahmad et al. [21] discussed four ways of securing IoT applications and their environment: (1) edge computing, (2) fog computing, (3) blockchain, and (4) machine learning. Ahlawat et al. [22] provided various solutions, such as blockchain solutions, but mentioned that new protocols and algorithms could provide greater security and privacy. In addition, they reviewed various security models proposed by various authors, along with comparisons of the techniques used. Various techniques and algorithms can be used to mitigate IoT security attacks in order to increase its adaptability for users. Wheelus et al. [23] proposed a data-driven framework for implementing IoT systems and generalized principles for implementing, deploying, and managing IoT services. The researchers analyzed network traffic collected from IoT-based companies providing smartphone-enabled secure access solutions for commercial buildings, gated communities, parking garages, and storage facilities, as well as other related secure access solutions. Their analysis of raw packet data totaled 100 gigabytes. Ben-Eid [24] described several simple steps users can take to increase the security of IoT systems, as well as fog computing and blockchain. Kabulov et al. [25] mentioned that, in order to plan, implement, place, and process a secure and safe IoT system, the following steps must be taken: first, the right technologies, architectures, and tools must be selected; second, the project must be set up, programmed, and verified; third, deployment and commissioning services must be provided; operation and maintenance are the final steps. Haque et al. [26] provided recommendations for solutions by analyzing the state of the art of IoT cybersecurity, including anti-jamming mechanisms, safe physical-layer communication, detection of Sybil attacks and spoofing threats, inadequate physical protection, sleep-deprivation attacks, high-level privacy/security solutions, and blockchain. Dhirani et al. [27] proposed a roadmap for implementing a unified standard framework for mitigating cyber threats and standardization challenges arising from the IT/OT convergence gap. Through the study of cybersecurity standards and by providing insights for designing/converging IT/OT security architectures, this research contributes to advanced knowledge in IIoT. Moreover, they emphasize the importance of implementing interoperable and hybrid standards for connecting multiple complex interfaces, as they ensure strategic alignment and mitigate IT/OT cyber risks in IIoT/I4.0 by bridging the IT/OT divide. Svotwa [28] provided some recommendations on possible solutions or countermeasures, such as better understanding the potential effects of the IoT movement, developing policies for the handling of various types of data, and establishing policy-implementation mechanisms. Developers should be trained on how to address security problems by integrating IoT security features into products, including firewalls and intrusion prevention systems, and allowing users to access the IoT security features built into their devices. In addition, companies must do everything in their power to simplify connected systems, improve security, standardize apps, and ensure users’ privacy and protection on any computer, at any time, anywhere. Additionally, an appropriate framework for designing privacy is one that gives users control over their own data, as it is right now. As well as forcing users to change their passwords after a specified period, developers can require passwords that meet the strongest password requirements.
Ikrissi et al. [32] presented countermeasures for IoT attacks that included lightweight cryptography, blockchains, machine learning, and biometrics. When designing and implementing new smart systems, it is important to take security and privacy threats into account. Abdalla et al. [33] proposed a new method of classifying IoT threats using the AHP approach. The new model is based on the stakes pertaining to particular types of users. To gain user trust, IoT service providers should focus on both user security and user trust. For IoT systems to achieve this, precise security measures combine expert knowledge with the needs of regular users, thereby reducing cost and complexity. An AHP approach was applied in this study to propose a security classification for IoT threats. They divided 80 users into three classes (G1, G2, and G3): the first class, G1, consisted of 50 college students using IoT devices and possessing basic knowledge of security attributes, including confidentiality, availability, and integrity. The second class, G2, comprised 17 PhD holders who were working with IoT devices but did not have experience with information security. There were 13 PhD holders in class G3, who were established in the fields of cybersecurity, wireless networks, and IoT and had published a wide range of papers in these areas. To start the survey, the criteria, sub-criteria, and IoT threats were thoroughly explained to the participants. Two questionnaires were completed to gather the data needed. To calculate the weights using the AHP algorithm, they collected data representing the relationships between the sub-criteria. This was performed by G3 to ensure the weight calculations were as accurate as possible. A scale of 1–9 was used, with 1 representing “Extremely Important” and 9 representing “Extremely Important”. Secondly, the questionnaire tracked the relationship between the threat and the element of security, which affects system trust.
A total of 80 users filled out the questionnaire. The risk value was measured as being between 0 and 5, with 0 being no impact and 5 being high impact. Krishna et al. [34] discussed how to enhance the security features of IoT devices using blockchain technology, fog computing, edge computing, machine learning, and state-of-the-art solutions. Shaikh et al. [35] presented two network-based anomaly detection solutions that make use of recently described generative adversarial network (GAN) models and can effectively identify malicious IoT devices inside and outside of networks. In GANs, a latent representation of the data is effectively learned, and it is possible to reconstruct a distribution from this representation. As part of their experimental setup, the first methodology trained GAN models on benign traffic generated by three widely deployed commercial IoT devices. Malware such as Mirai and Bashlite was then used to attack these devices, alongside other exploitation techniques, using the Kali Linux operating system. To test the GAN model’s effectiveness, both benign and anomalous samples were used. It is important to note that these data were augmented with publicly available network traffic from 28 IoT devices. Moreover, they tested a second methodology that used GAN models to discover the distributions of anomalous samples in darknets or network telescopes. The algorithm was tested with both benign and malicious samples. Additionally, they evaluated a model trained on malicious samples using passive measurements (i.e., darknet data), as well as simulating real-world attack scenarios by including Nessus scanning and Mirai attack vectors. The results of the study showed that GAN-based models were able to effectively detect previously unknown IoT threats and capture the latent distributions of both benign and malicious samples.
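The AHP procedure summarized for Abdalla et al. [33] above (pairwise comparisons between security criteria on a 1–9 scale, weights derived from them, and threats rated for impact on a 0–5 scale) can be worked through in a few lines. The following is an added example, not code or data from the reviewed study: the criteria, the pairwise matrix, the impact ratings, and the linear weighting of impacts by criterion weights are all constructed assumptions; the geometric-mean priority vector, the consistency index and Saaty's random-index constants are the standard AHP ingredients.

```python
"""AHP-style prioritization of IoT threats (constructed example, not the
reviewed study's code or data): pairwise comparisons between security
criteria -> criterion weights -> consistency check -> weighted risk per threat
on the 0-5 impact scale described above."""
from math import prod

# Saaty's random consistency index for n = 3..6 criteria.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24}

# Criteria order used throughout: confidentiality, integrity, availability.
CRITERIA = ["confidentiality", "integrity", "availability"]

# Constructed pairwise comparison matrix on Saaty's 1-9 scale, as an expert
# group (G3 in the study) might fill it in: a[i][j] states how much more
# important criterion i is than criterion j, with a[j][i] = 1 / a[i][j].
PAIRWISE = [
    [1.0, 2.0, 4.0],
    [0.5, 1.0, 2.0],
    [0.25, 0.5, 1.0],
]

# Constructed impact ratings (0 = no impact, 5 = high impact) of three threats
# on each criterion, in CRITERIA order.
IMPACTS = {
    "node capture": [5, 5, 3],
    "DDoS": [0, 1, 5],
    "eavesdropping": [5, 1, 0],
}


def ahp_weights(matrix):
    """Priority vector via the row geometric mean method, normalized to sum 1."""
    n = len(matrix)
    gm = [prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(matrix, weights):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1).  CR below 0.1 is the
    conventional acceptance threshold for a pairwise comparison matrix."""
    n = len(matrix)
    aw = [sum(a * w for a, w in zip(row, weights)) for row in matrix]
    lambda_max = sum(x / w for x, w in zip(aw, weights)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def threat_scores(weights, impacts):
    """Weighted risk per threat scaled to 0..1 (assumption: impacts are divided
    by the 5-point maximum and combined linearly with the criterion weights)."""
    return {
        name: sum(w * i / 5.0 for w, i in zip(weights, vec))
        for name, vec in impacts.items()
    }


def rank_threats(matrix=PAIRWISE, impacts=IMPACTS):
    """Full pipeline: weights, consistency check, threats sorted by risk."""
    w = ahp_weights(matrix)
    cr = consistency_ratio(matrix, w)
    if cr >= 0.1:
        raise ValueError(f"inconsistent judgements (CR={cr:.3f}); revisit the survey")
    scores = threat_scores(w, impacts)
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    return w, cr, ranked


if __name__ == "__main__":
    weights, cr, ranked = rank_threats()
    for name, w in zip(CRITERIA, weights):
        print(f"{name:16s} weight={w:.3f}")
    print(f"consistency ratio={cr:.4f}")
    for name, score in ranked:
        print(f"{name:16s} risk={score:.3f}")
```

The consistency check is the part practitioners most often skip: a questionnaire in which a respondent rates confidentiality above integrity, integrity above availability, but availability above confidentiality produces weights that look plausible yet mean nothing, and the ratio is what catches it before the weights are used to rank threats.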
Furthermore, using feature matching loss in ALI GAN-based frameworks trained on benign samples, their results demonstrated that the framework with the shortest inference time was the most effective. Models like this can be used in conjunction with IDS/IPS systems to aid in the proactive detection of unwanted activities directed towards or originating from IoT devices. Loukas et al. [36] proposed that a risk model for the smart home must factor in a user’s behavior and attitude towards IoT devices; it also considered human factors in the assessment of IoT risks. To address the importance of human behavior and attitudes within the home, they proposed the smart home behavior and attitude risk model (SH-BARM) to provide a solution that will assist smart home inhabitants and organizations. Yoshioka et al. [37] developed a sandbox to attract and analyze Telnet-based attacks against a variety of IoT devices running different CPU architectures, such as ARM, MIPS, and PPC. This study is notable for its observation that Telnet-based attacks have increased, as have IoT devices. To analyze the scope and variety of the attacks, the authors proposed a novel honeypot called IoTPOT, which simulates IoT devices and captures Telnet intrusions. The researchers then analyzed the threats further and proposed IoTBOX, which allowed them to run the captured malware on eight different CPU architectures. Harbers et al. [38] provided a conceptual framework that models and captures the fundamental challenges impeding the deployment of the solutions proposed in the literature, and it offers some suggestions for addressing these fundamental challenges. Anjum et al. [39] mentioned that it is possible to increase security and reliability by implementing blockchain technology. Haque et al. [40] discussed how blockchain could resolve the problems associated with IoT systems. In addition, the latest developments, along with the integration of blockchain with IoT, are discussed.
It is then shown how blockchain can be used as a service for various IoT applications, as a blockchain technology for the IoT. Alevizopoulou et al. [41] created a social media monitoring system specifically for IoT devices that identifies recent/trending vulnerabilities and exploits in IoT devices. In the proposed monitoring system, data are acquired in two phases, and a trained classification algorithm is used to classify the tweets collected. The researchers used binary classification in this study in order to categorize tweets into two distinct groups, namely related and unrelated to IoT vulnerabilities. To determine which traditional machine learning model would be most effective in their case, they experimented with logistic regression, multinomial naive Bayes, decision tree classifiers, k-nearest neighbors classifiers, support vector machines, and random forest classifiers; the best-performing algorithm was then implemented in the monitoring system as the classification model. Furthermore, they released a new dataset consisting of security-related tweets annotated according to whether they contain IoT CTI, together with all annotated datasets created during this process, in order to support research in the area of security-oriented social media content classification and provide reproducibility of results. Schiller et al. [42] mentioned that, although IoT devices and threats have been increasing exponentially these days, they need to increase their speed of development. Products well designed to determine the security requirements in detail will soon be developed by manufacturers. Resource-constrained IoT devices require more affordable security measures. Consumers should take responsibility for their privacy and security, along with regulations, guidelines, and governments who pay enough attention to this market.
Manufacturers, consumers, and governments all have a role to play in leveraging the power and innovation that IoT offers, but they also have a role to play in making the world a safer place. Borcherding et al. [43] proposed an optimal attack detection model for IoT systems using a comprehensive workflow. This research used three different datasets (IoTDevNet, IoTID20, and IoT Botnet) in addition to the most frequently used datasets (NSL-KDD and DS2OS). The principal target of the framework is to construct an IoT-based system that identifies its vulnerabilities, provides a secure firewall against all cyberattacks, and recovers from them. Therefore, this paper proposed a learning-based methodology that can be used to recognize anomalies and ensure the security of infrastructures. The task was performed by deploying three shallow ML classifiers and five DL models. The paper also compares simple models like DT and RF with complex networks like deep belief networks (DBN), long short-term memory (LSTM), and bidirectional long short-term memory (Bi-LSTM) for anomaly detection. The researchers found that deep learning IDS outperformed shallow learning IDS in detecting IoT attacks. Kim-Hung Le et al. [44] introduced IMIDS, a powerful intrusion detection system that uses a CNN. The purpose of this study was to identify various cyberattacks accurately using an IDS and an artificial method for generating useful training data. A key component of IMIDS is the feature extractor, which extracts features from raw network packets and transforms them into network features, while the attack detection model identifies malicious behavior. Interestingly, IMIDS was able to distinguish between normal and abnormal activities, as well as to identify whether they were cyberattacks. As part of enhancing IMIDS’s detection performance, the researchers proposed a conditional generative adversarial network to generate attack data.
It consists of conditional generators, which can learn conditional distributions from samples in a dataset. During the experiments, IMIDS detected nine cyberattacks with an average F-measure of 97.22 percent. Additionally, IMIDS’ detection performance was significantly improved after being trained with data from their attack data generator. Detection of worms and analysis attacks, for example, improved from 35.58% to 70.94% and from 49.12% to 83.64%, respectively. Based on these results, IMIDS was found to be a viable IDS for IoT systems. Abbas et al. [45] proposed that a threat-modeling approach could be useful for security analysts, developers, and IoT device vendors to identify and design against IoT devices’ vulnerabilities during the initial design phase. Threat modeling is only able to identify threats during the design phase of a system. The researchers proposed threat-mitigation remedies to protect IoT systems from phishing attacks based on the identified threats. Prakash et al. [46] suggested that a security model based on the security architecture of IoT might be able to offer protection from unwanted threats, attacks, and unauthenticated access, while protecting private information. There were three stages of development involved in the proposed model: layers of security, security protocols, and database servers. They identified protocols suitable for the different layers of the proposed security architecture, including the IEEE 802.11 protocol at the perception layer, the 6LoWPAN network protocol, and the SMQTT application protocol. The proposed model uses algorithms such as hash algorithms and end-to-end authentication in order to guarantee IoT security requirements such as access control, privacy, confidentiality, integrity, availability, and authorization. As a follow-up to step one, the security protocols and security control mechanisms for the different layers of the IoT security architecture are described in step two.
This model also includes database servers that store data and parameters of security concern for all security layers, client profiles, security component errors, log records of the IoT framework, and access control records. The process consists of collecting data from physical media, such as sensors, and converting them into digital signals for further processing. Users can also give their instructions via the user interface to control the system processes. The encryption of digital signals is achieved using appropriate key-generating algorithms. Data from encrypted signals are aggregated with those from users. Through the interface of an IoT gateway, data are transferred via the web server to a database, where they are decrypted with the same encryption key and displayed to the user. Additionally, the decrypted data are stored in the database for future use. As a result of using this model, IoT systems can be designed to perform better, saving both energy and time by selecting the appropriate security methods for each IoT layer. Podder et al. [47] used machine learning algorithms to defend against IoT threats. The researchers found that the k-nearest neighbor (kNN) machine learning algorithm can detect malware with excellent accuracy. Various tools were also reviewed for ransomware detection, classification, and analysis. In Table 6, we summarize and present the key findings of the studies regarding countermeasures for IoT threats. Table 7 summarizes the mitigation techniques suggested in the reviewed studies to mitigate threats in IoT environments.

6. Results and Discussion

In the previous section, the results showed common threats at each layer of the three-layer IoT architecture. The most common threats in the physical layer, as shown in Figure 6, are node capture, eavesdropping, side-channel attacks, boot attacks, and timing attacks, where node capture poses the greatest threat to the physical layer.
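The security model of Prakash et al. [46] summarized above relies on a hash algorithm and end-to-end authentication between the sensing devices and the gateway that forwards data to the database. The following is an added example, not the model's own code: it shows one way to bind each sensor reading to a keyed hash (HMAC-SHA256) and a monotonic counter so that the gateway can reject forged, modified, or replayed readings before they reach storage. The node and gateway classes, the message format, and the shared secret are all constructed for this example, and the encryption step of the model (confidentiality of the readings) is intentionally left out so the authentication logic stands on its own.

```python
"""End-to-end authentication of sensor readings between an IoT node and a
gateway (constructed example; not the reviewed model's code).  Each reading
is bound to a keyed hash (HMAC-SHA256) and a monotonic counter so that the
gateway can reject forged, modified, or replayed messages.  Confidentiality
(encryption of the readings) is deliberately not shown here."""
import hashlib
import hmac
import json


class SensorNode:
    """Perception-layer device holding a per-node secret shared with the gateway."""

    def __init__(self, node_id, key):
        self.node_id = node_id
        self.key = key
        self.counter = 0  # monotonic counter used for replay protection

    def emit(self, reading):
        self.counter += 1
        payload = {"node": self.node_id, "ctr": self.counter, "val": reading}
        # Canonical JSON so that node and gateway hash exactly the same bytes.
        body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class Gateway:
    """Verifies each message before it is forwarded to the database."""

    def __init__(self, node_keys):
        self.node_keys = node_keys   # node_id -> shared secret
        self.last_counter = {}       # node_id -> highest counter accepted so far
        self.store = []              # accepted payloads (stand-in for the database)

    def ingest(self, msg):
        """Return 'accepted' or the reason the message was rejected."""
        try:
            payload = json.loads(msg["body"])
            node_id, ctr = payload["node"], int(payload["ctr"])
        except (KeyError, TypeError, ValueError):
            return "malformed"
        key = self.node_keys.get(node_id)
        if key is None:
            return "unknown node"
        expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so tag bytes do not leak through timing.
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return "bad tag"
        if ctr <= self.last_counter.get(node_id, 0):
            return "replay"
        self.last_counter[node_id] = ctr
        self.store.append(payload)
        return "accepted"


def demo():
    """Constructed exchange: a genuine reading, a replay of it, a tampered copy,
    and the next genuine reading.  Returns the gateway's verdict for each."""
    key = b"constructed-shared-secret-for-node-7"   # placeholder, not a real key
    node = SensorNode("node-7", key)
    gw = Gateway({"node-7": key})
    msg = node.emit(21.5)
    results = [gw.ingest(msg)]                               # genuine reading
    results.append(gw.ingest(msg))                           # same message again
    tampered = dict(msg, body=msg["body"].replace("21.5", "99.9"))
    results.append(gw.ingest(tampered))                      # modified value, old tag
    results.append(gw.ingest(node.emit(21.7)))               # next genuine reading
    return results


if __name__ == "__main__":
    print(demo())
```

The counter is what turns a bare integrity check into authentication of a session: without it, the tampered message is rejected but the original can be resubmitted indefinitely, which for a gateway that aggregates readings into a database is a data-integrity problem in its own right.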
A key component of these attacks is the control of key nodes, such as gates [48,49,50,51,52,53,54,55]. In this way, all data, including matching keys for data and group communication keys, are disclosed, posing a threat to the entire network. In the network layer, the main threats are DoS/DDoS attacks, man-in-the-middle attacks, traffic analysis attacks, Sybil attacks, and routing attacks, as shown in Figure 7. In addition, DoS/DDoS attacks pose a major threat to the network layer according to the analyzed studies [56,57,58,59,60,61,62]. This attack aims to disrupt server availability through a flood of impersonated IoT requests on the communications channel [63,64,65,66,67,68,69]. Due to the complexity and heterogeneity of IoT networks, the network layer is vulnerable to such attacks. It is common for IoT devices used in IoT applications to be poorly configured, making them easy targets for DoS and DDoS attacks in the target environment [70,71,72,73,74]. In the application layer, the common threats are malicious code injection, cross-site scripting (XSS) attacks, data theft, DoS and DDoS attacks, sniffing attacks, and reprogramming attacks, as shown in Figure 8, where malicious code injection attacks pose a major threat to the application layer according to the analyzed studies. Attackers usually take the simplest and easiest route to break into a device or network. The device becomes the first point of entry for an attacker if it is vulnerable to malicious scripts and misdirection caused by inadequate code testing [75,76]. Figure 9 illustrates the most common threats based on the three layers of the IoT architecture: the physical layer, the network layer, and the application layer. The common technologies used to address IoT threats according to the analyzed studies are blockchain, machine learning, fog computing, and edge computing.
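The DoS/DDoS threat described above is a flood of impersonated IoT requests aimed at server availability, and the fourth future direction in Section 7 asks for detection methods with a high detection rate and few false alarms. The following is an added example, not code from any of the reviewed studies: a sliding-window rate detector over gateway request logs, with a second check on how many distinct device identities a single source claims, which is a signal that requests are being impersonated. The log format, the sample lines, and the thresholds are all constructed assumptions for this example and would need tuning against real traffic.

```python
"""Rate-based detection of DoS/DDoS-style request floods at an IoT gateway
(constructed example; not the reviewed studies' code).  A sliding window per
source counts requests; a second check counts how many distinct device IDs
one source claims, which hints that requests are being impersonated."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<iso-timestamp> src=<ip> dev=<device-id> path=<url>"
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dev=(?P<dev>\S+) path=(?P<path>\S+)$")


def parse_line(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dev": m["dev"], "path": m["path"]}


def detect_floods(lines, window_s=10, max_requests=30, max_devices=5):
    """Map each suspicious source IP to the set of reasons it was flagged.
    Thresholds are assumptions for this example; tune them per deployment."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # src -> timestamps inside the sliding window
    devices = defaultdict(set)    # src -> device IDs this source has claimed
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # skip malformed lines rather than crash the detector
        q = recent[rec["src"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()           # drop timestamps that fell out of the window
        devices[rec["src"]].add(rec["dev"])
        reasons = []
        if len(q) > max_requests:
            reasons.append("request rate")
        if len(devices[rec["src"]]) > max_devices:
            reasons.append("many device ids")
        if reasons:
            alerts.setdefault(rec["src"], set()).update(reasons)
    return alerts


def sample_log():
    """Constructed gateway log: two normal devices, one flooding source, one bad line."""
    t0 = datetime(2022, 3, 1, 10, 0, 0)
    lines = []
    for i in range(5):      # normal device: one reading per second
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} src=10.0.0.5 dev=sensor-1 path=/api/telemetry")
    for i in range(3):      # normal device: one reading every two seconds
        lines.append(f"{(t0 + timedelta(seconds=2 * i)).isoformat()} src=10.0.0.6 dev=sensor-2 path=/api/telemetry")
    for i in range(50):     # flood: 50 requests in under 10 s, each claiming a different device
        lines.append(f"{(t0 + timedelta(milliseconds=200 * i)).isoformat()} src=10.0.0.99 dev=spoof-{i} path=/api/telemetry")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for src, reasons in detect_floods(sample_log()).items():
        print(src, sorted(reasons))
```

Keeping the two signals separate matters for the false-alarm problem raised in Section 7: a single legitimate device that reports at a high rate trips only the rate check and can be whitelisted, whereas a source that both floods and rotates through device identities is a much stronger indication of impersonation.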
As shown in Figure 10, the most frequently suggested technology is blockchain.

7. Recommendations for Future Research Directions

In recent years, the security of IoT devices has attracted the attention of researchers in both industry and academia. In our paper, we offered a comprehensive review of the threats that target IoT networks. These threats can be classified into three categories based on the IoT layers, namely node capture threats, DDoS attacks, and code injection. In this study, we summarize the following future directions. First, we recommend more future research investigating the use of artificial intelligence techniques to enhance IoT security and privacy. Second, despite the increasing interest in the cybersecurity of IoT, little research has been performed on the security of IoT application-layer protocols. There are several challenges and security issues in IoT application-layer protocols still to be addressed. We recommend more future research investigating the security issues in IoT application-layer protocols. Third, our findings also identify the different types of cybersecurity threats in IoT, such as DDoS, man-in-the-middle attacks, Sybil attacks, routing attacks, and others. Other researchers could explore other types of threats in the IoT layers and identify the weaknesses in each layer. Fourth, one of the main concerns in IoT is providing highly efficient detection methods that have a high probability of detection with low probabilities of false alarms and missed detections. The current detection techniques have many limitations. One of these issues is that most of the developed methods need modifications to the IoT network infrastructure and its security protocols. Additionally, the majority of these techniques do not support high detection rates while having high false-alarm rates. Furthermore, the detection process is not in real time, which decreases the efficiency of these techniques.
Therefore, we need more research investigating the provision of detection techniques in order to address these challenges.

8. Conclusions

IoT devices are becoming increasingly common throughout the world, which makes them a target for many hackers, who are trying to trespass on people’s privacy by collecting sensitive information and using it in suspicious ways. Therefore, this study conducted a systematic literature review of 35 existing research publications on cybersecurity threats associated with the IoT environment. In this paper, we present a comparison of 35 publications based on the threats, countermeasures, and mitigation techniques. Additionally, we classified IoT threats based on a three-layer IoT architecture and analyzed the popular application-layer protocols employed in IoT environments and their security risks and challenges. According to our findings, node capture is the most significant threat to the physical layer or perception layer, and DoS/DDoS attacks pose significant threats to the network layer. Furthermore, malicious code injection is a common threat in the application layer. In addition, it was observed that the most frequently suggested mitigation technique for IoT threats was blockchain. However, few studies have discussed machine learning as a mitigation technology for IoT threats. As a result, this paper recommends that researchers in this area focus on machine learning technologies.

Author Contributions: Conceptualization, M.A.A. and E.A.; methodology, M.A.A. and E.A.; formal analysis, A.A.; investigation, M.A.A. and E.A.; resources, M.A.A. and E.A.; writing (original draft preparation), M.A.A.; writing (review and editing), M.A.A.; supervision, M.A.A.; project administration, M.A.A.; funding acquisition, M.A.A. All authors have read and agreed to the published version of the manuscript.

Funding: This research was funded by King Faisal University.

Acknowledgments: This work was supported through the Annual Funding track by the Deanship of Scientific Research, Vice Presidency for Graduate Studies and Scientific Research, King Faisal University, Saudi Arabia (Project No. Grant No. 1785).

Conflicts of Interest: All authors declare no conflict of interest.

Figure 1. Three-layer IoT architecture.
Figure 2. Five-layer IoT architecture.
Figure 3. IoT application-layer protocols.
Figure 4. Schematic diagram of the PRISMA literature review.
Figure 5. Distribution of the selected papers’ publication year.
Figure 6. Common threats in the IoT physical layer.
Figure 7. Common threats in the network layer.
Figure 8. Common threats in the application layer.
Figure 9. Summary of the most common threats on IoT based on the three-layer architecture.
Figure 10. Common technologies used as a countermeasure for IoT threats.
Table 1. Comparison of other related studies with our study in the context of IoT (√: yes; x: no).
Table 2. Classification of security services provided by IoT protocols for mitigating attacks.
Table 3. Distribution of selected papers by publication year.
Table 4. Summary of the addressed threats.
Table 5. Classification of threats in each of the three IoT layers.
Table 6. Summary of the countermeasures for IoT threats.
Table 7. Summary of the suggested mitigation for IoT threats.
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).