The Effect of IoT New Features on Security and Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved

Abstract: The future of Internet of Things (IoT) is already upon us. IoT applications have been widely used in many field of social production and social living such as healthcare, energy and industrial automation. While enjoying the convenience and efficiency that IoT brings to us, new threats from IoT also have emerged. There are increasing research works to ease these threats, but many problems remain open. To better understand the essential reasons of new threats and the challenges in current research, this survey first proposes the concept of "IoT features". Then, the security and privacy effects of eight IoT new features were discussed including the threats they cause, existing solutions and challenges yet to be solved. To help researchers follow the up-to-date works in this field, this paper finally illustrates the developing trend of IoT security research and reveals how IoT features affect existing security research by investigating most existing research works related to IoT security from 2013 to 2017.

• The paper introduces eight distinct IoT features that shape security and privacy vulnerabilities across various devices.
• The paper examines specific threats such as DDoS via botnets and constrained-device risks while proposing tailored solutions like context-based permissions and lightweight encryption.
• The paper highlights the need for integrated, cross-disciplinary approaches to enhance the resilience of IoT systems in dynamic, ubiquitous environments.

The Impact of Emerging IoT Features on Security and Privacy

The adoption and evolution of Internet of Things (IoT) technologies have significantly permeated various sectors, enhancing both utility and convenience. However, the exponential growth in IoT applications introduces novel security and privacy concerns. In this comprehensive survey, the authors propose a novel perspective on IoT vulnerabilities and challenges by introducing the concept of "IoT features." Specifically, they identify eight key IoT features that critically influence security and privacy: Interdependence, Diversity, Constrained, Myriad, Unattended, Intimacy, Mobile, and Ubiquitous.

Analysis of IoT Features

The paper meticulously dissects each IoT feature, exploring the distinctive threats, challenges, and prospective solutions:

1. Interdependence emphasizes the interconnected operations of IoT devices, leading to vulnerabilities that exploit device dependencies. Traditional approaches fail to address security boundaries due to dynamic device interactions. Notably, ContexIoT offers context-based permission systems as a potential solution, though reliant on user decision accuracy.
2. Diversity highlights the heterogeneity in IoT devices and protocols, introducing challenges in designing uniform security frameworks. Static and dynamic analysis, alongside protocol-specific intrusion detection frameworks, have been explored to encompass this diversity.
3. Constrained devices are resource-limited, posing difficulties in deploying robust security mechanisms. Innovative approaches involving lightweight encryption and authentication, utilizing characteristics like physical unclonable functions (PUF), offer promising avenues albeit with implementation trade-offs.
4. Myriad illustrates the sheer volume of IoT devices, exacerbating DDoS threats through botnets like Mirai. The study identifies ongoing efforts in botnet detection, suggesting further exploration of lightweight, adaptive algorithms for anomaly detection.
5. Unattended devices, often operating remotely, are prime targets for undetected attacks. Remote attestation and trusted execution environments are potential areas for safeguarding these devices.
6. Intimacy reflects the sensitivity of data collected by IoT devices, necessitating stringent privacy measures. Solution approaches range from homomorphic encryption to anonymization protocols, with ongoing research focused on preserving data utility alongside privacy.
7. Mobile IoT devices encounter unique security challenges related to cross-domain interactions. Dynamic trust and configuration management strategies are nascent areas warranting further exploration.
8. Ubiquitous IoT features underscore widespread adoption, yet highlight gaps in user, manufacturer, and operator security awareness. Increasing public understanding and establishing security standards remain critical.

Research Trends and Implications

The paper further categorizes existing research by IoT application scenarios and layers, elucidating how security research aligns with ongoing IoT developments. Notably, there is a shift in focus toward privacy issues in smart home and healthcare sectors, influenced by the features of intimacy and myriad. The survey underscores the necessity for integrated approaches that address the complexity and overlapping nature of these features to bolster IoT security.

Overall, the exploration of IoT features offers a structured lens to assess and address the multi-faceted security challenges in IoT environments. The insights drawn from this survey can guide researchers toward developing more resilient security frameworks that anticipate evolving threats and enhance the trustworthiness of IoT systems. As IoT continues to expand, ongoing research and cross-disciplinary collaborations will be instrumental in navigating these challenges effectively.