Integration of the Internet of Things and Cloud: Security Challenges and Solutions – A Review

The integration of IoT and cloud poses increased security challenges. Implementing security mechanisms in IoT systems is challenging due to limited resources, the large number of devices, heterogeneity of devices, generation of bulk data, etc. Likewise, cloud resources are also vulnerable to security issues due to virtualization, insider threats, data loss, data breaches, insecure APIs, etc. Security is of major concern with the integration of IoT and cloud. The primary objective of this review is to highlight the security issues associated with an IoT system and cloud system and with the integration of the two, as well as to highlight solutions in each case. The secondary objective is to describe popular IoT-cloud platforms and also to highlight how such platforms facilitate secure integration. Finally, a shared responsibility model of implementing security is emphasized, as both IoT users and cloud service providers have to cooperatively share the responsibility to deploy secure cloud-based IoT applications.


The Internet of Things (IoT) sensors purposefully interact with other connected entities in the real world to acquire different operational parameters and share the data with other devices and systems over the Internet or any other communication network without human intervention (Mercado Herrera et al., 2023). The advancement in hardware and wireless communication technologies promotes the usage of IoT devices across various domains. In 2025, the number of IoT devices in the world will be approximately 75.44 billion (Alam, 2018). Artificial intelligence (AI) makes the IoT networks intelligent and increases the scope of IoT connectivity and vast data streams (Khanam et al., 2022). The rapid growth of IoT sensors and the corresponding generation of a large volume of data are obviously in need of huge resources for storage and processing (Qabil et al., 2019). There are several popular

1. How can the security challenges that arise during the integration of an IoT system and cloud be addressed by cloud?
2. How can IoT-cloud integration platforms facilitate IoT-cloud integration?

Through the findings, the review illustrates how cloud can extend its device connectivity, management, and other services via the integration platforms and ultimately achieve the basic security requirements, namely integrity, availability, confidentiality, and privacy, across different layers of any cloud-based IoT system.
The contributions of the review include:
• A brief overview of security challenges in cloud and their resolving methods.
• A short description of security aspects of IoT.
• A brief account of security issues that arise during the integration of IoT and cloud and their solutions.
• An illustration of the way these platforms can ensure the fulfillment of basic security requirements (namely authentication, authorization, confidentiality, integrity, availability, and privacy) in an IoT system.
• A description of the review method and findings of the review along with a note on limitations and future research directions.

REVIEW METHOD
Publications related to the objective of the review have been collected from different data sources, namely Web of Science, Scopus, Springer, and IEEE, as well as from Google using keyword searching. Different keywords, like "security issues in IoT", "security issues in cloud", "security challenges cloud based IoT", and "security issues in the integration of IoT and cloud", have been used. The titles and abstracts of the retrieved publications have been carefully analyzed for additional keywords such as "security challenges in SaaS", "security issues in PaaS", "security challenges in IaaS", "IoT Cloud platforms", and "security challenges in the cloud based IoT". The search resulted in 130 records from scientific databases and 12 hyperlink records from Google. First, duplicate scientific records (3) were eliminated. The remaining records were manually scanned for abstracts. Publications which are not useful for the current objective (11 scientific records and 1 hyperlink record) were eliminated. Ultimately, a collection of 127 representative records (116 scientific records and 11 hyperlink records) has been included in the study. The Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) flow diagram of the review method is shown in Figure 1. The representative publications have been categorized according to the research questions and are given in Table 1.

FINDINGS OF THE REVIEW
The representative publications have been carefully analyzed towards answering the proposed research questions. The following are the findings of the review, and they are discussed in a hierarchical manner in the subsequent sections:
• A brief overview of cloud security issues and their solution approaches.
• A description of IoT security issues and their solving methods.
• A narration on the security challenges in the integration of IoT and cloud along with mitigation strategies provided by cloud.
• A highlight about the need for IoT-cloud platforms for easy and secure integration.
• An overview of popular IoT-cloud platforms.
• An illustration of the fulfillment of the basic security requirements in a cloud-based IoT application.
• A discussion of limitations and future research directions.

OVERVIEW OF CLOUD SECURITY
With unique characteristics, namely on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service (Mell & Grance, 2011), cloud computing offers a wide range of computing resources to its consumers. The resources are provided through different service classes, namely Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), over different deployment models, namely public, private, and hybrid (Quilachamin et al., 2018). Here, the control that a consumer could get over the different computing resources that s/he avails is based on the concerned service class. In the case of IaaS, though the service providers have more control over the infrastructure (computing, storage, and network resources), the consumers are also given more control with respect to the operating systems and applications that they deploy in the infrastructure. In the case of PaaS, only service providers have maximum control over both the infrastructure as well as the platforms and other software offered by them. With SaaS, the consumers have almost no control over the software applications they consume. Also, cloud security follows a shared responsibility model where both service provider and consumer are responsible for implementing security mechanisms based on the service class (Al-Anzi et al., 2014; Saini et al., 2022). In Hashizume et al. (2013), the authors have related various vulnerabilities in cloud to their corresponding threats. Also, the authors have given some countermeasures for different threats. In the study of Vurukonda and Thirumala Rao (2016), the authors have identified security issues, such as data breach, data theft, and unavailability of data, related to cloud data storage. In Khan et al. (2021), the authors have identified 15 security challenges, namely data secrecy issues, geographical data location issues, unauthorized data access issues, lack of control, lack of data management, network-level issues, data integrity issues, data recovery issues, lack of trust, data sharing issues, data availability, asset issues, legal amenabilities, lack of quality issues, and lack of consistency. These issues are related to big data in cloud computing. Using the fuzzy-Technique for Order Preference by Similarities to Ideal Solution (TOPSIS) method, the authors found the data secrecy issue to be the most prominent security challenge. In , the authors presented the state-of-the-art Distributed Denial of Service (DDoS) attacks in Software Defined Cloud (SDN). In Rajasekaran and Ranganathan (2021), the authors discussed various security issues from a federated cloud perspective. In Sabir (2018), the authors reviewed various security aspects and key factors which affect cloud security and provided solution approaches. In Butt et al. (2023), security threats, difficulties, strategies, and solutions related to the cloud computing environment were discussed. The article by Alhijawi et al. (2022) reviews and classifies the research efforts on SDN and DoS. In Hassan and Thayananthan (2021), the applications of machine learning for securing SDN were discussed.

Security Issues in IaaS and Their Solving Methods
In the IaaS model, cloud consumers have more responsibility in implementing security measures as the service providers have control over only the physical infrastructure. The available physical resources are virtualized and shared by many consumers. Security issues related to virtualization and multi-tenancy become important. Here, a Virtual Machine (VM) needs to be protected against attacks due to virtualization. In addition, the vulnerabilities in the underlying hypervisor must be given more importance. An attacker who gains access to the hypervisor can even access the underlying hardware easily. Similarly, DoS attacks against any VM are likely to affect the other VMs that share the same physical machine as the targeted VM. Software used to implement virtualization may contain bugs. VM escape is a serious attack where an attacker intentionally runs code to break out of a VM and interacts with the host operating system. The VM escape gives an attacker unlimited control over the host system because the attacker can access all the VMs in the host. Also, if VMs are not monitored and managed properly, they may be left simply idle or without the required security patch or update. Such VMs become vulnerable to more attacks. VMs are affected by malware attacks also. An attacker who gains access to the VM management console can copy sensitive data from the VM to outside. Network virtualization allows multiple cloud users to have their virtual networks on a shared physical network infrastructure. When the virtual networks are not isolated completely, an attacker can exploit the vulnerability and access the other virtual networks as well (Alharbi & Portmann, 2019; Duan et al., 2016; Li & Chen, 2015). Misconfiguration of computing instances by cloud consumers creates security vulnerabilities, and it is one of the major security concerns in cloud (Alghofaili et al., 2021; Nobles, 2022).
Virtualization and hypervisor related security attacks in IaaS along with their solution approaches are given in Table 2.

Security Issues in PaaS and Their Solving Methods
In the PaaS service class, the service providers provide infrastructure (i.e., servers, storage, and networking resources) as well as the programming and execution environment required for design, development, testing, and deployment of applications. The PaaS service class is expected to provide high scalability, on-demand provisioning, automatic deployment of applications, high availability, high reliability, multi-OS, multi-language support, etc. (Yasrab, 2018). In PaaS multiple tenants deploy their applications on virtual environments which share the same physical resources. So, it becomes crucial to ensure that an application is getting executed in an isolated environment (Hussain et al., 2017). In the PaaS cloud, the consumers are given permission to access several platforms, tools, and software along with their concerned application and data. Attackers can exploit the vulnerabilities of applications and software tools and gain access to various resources. The major security issues in the PaaS cloud along with their solving methods are given in Table 3.
Applications should be equipped with real-time automatic monitoring for detecting and blocking unauthorized access. User accounts should be properly managed. Only authorized users should be given permission to access their concerned resources up to the level of privileges they have. Also, the administrators should ensure that the users are given only the necessary privileges. Since PaaS supports a wide range of software including proprietary, open-source, and third-party tools, flaws that exist in any of these components lead to security vulnerabilities. Attack simulation and threat monitoring must be done as a routine activity. Logging of user activities helps in analyzing whether the users are working only according to their granted privileges. Data must be communicated via secure protocols. Also, the data must be validated thoroughly to ensure that clean data is being communicated. Multi-factor authentication needs to be implemented along with strong security policy. Privacy-aware authentication using proxy certificates, indicating access control policies agreed upon by service providers and users, must be used. As mentioned earlier, implementing security is a shared responsibility of cloud service providers and cloud consumers; the consumers may use their own security mechanisms to protect their applications. The PaaS cloud offers various security related services such as the following:
1. Security broker for cloud access (CASB): These security brokers are cloud security gateways used to establish various countermeasures, like monitoring unauthorized access, implementing security policies, controlling access to resources according to users' privileges, and auditing cloud configurations.
2. Platforms for securing cloud workloads: Cloud workload security platforms continuously monitor the workload instances and defend against malware. Also, the platforms help in security management across different PaaS providers.
3. Control of cloud protection posture: A security posture manager audits the cloud environment on a regular basis for security and offers manual or automated remediation strategies to handle enforcement related issues.

Table 2. Virtualization and hypervisor related security attacks in IaaS and their solution approaches

Solution approaches:
• An access control model developed by D. Bell and J. LaPadula
• Penetration test for virtualization environment (Tank et al., 2019)
• Hypervisor hardening (Rakotondravony et al., 2017)
• Interposing the interactions in-between the guest VMs and hypervisor through clearly defined entry and exit points by using CloudVisor (Szefer & Lee, 2012)

Security attack: Hyperjacking - an attacker takes control over the hypervisor and thereby creates attacks
Solution approaches:
• Protecting hypervisor integrity and reducing attack surface (Vasudevan et al., 2013) (Szefer et al., 2011)
• Maintaining the integrity of control flow in hypervisors using HyperSafe (Wang, 2010)
• Protection of code of hypervisor from malicious activity

Security attack: Hypercall attack - an attacker exploits the weakness of hypercall interface and requests specific services like memory allocation, device access, or process scheduling from the hypervisor
Solution approaches:
• Up to date software update for hypervisor and continuous monitoring

Security attack: Hypervisor failure - hypervisor undergoes failure or is not functioning properly
Solution approaches:
• Regular update of hypervisor software and monitoring using tools

Security attack: Guest hopping attack/VM hopping attack - an attacker on one VM hops to another VM on the same host
Solution approaches:
• VM hopping defense is mainly solved by building healthier hypervisors (lightweight hypervisors) and designing more robust access control policies (Dong & Lei, 2019)

Security attack: Cross VM side channel attack - if VMs are co-resident on the same hardware, the malicious VM can observe the hardware behavior of the target VM with an intention to steal passwords (Narayana & Jayashree, 2021)
Solution approaches:
• Implementation of different mechanisms at CPU level, like indirect branch prediction barriers and flushing the L1 data cache
• Implementation of separate cache memory for CPUs

Security Issues in SaaS and Their Solution Approaches
In the SaaS model, the consumers must ensure security for their data. It is the primary responsibility of the user to implement strong authentication and authorization mechanisms to ensure the data security. The data is at greater risk of leakage or deletion due to unauthorized access. Accessing SaaS services without explicit security is the main driver for shadow IT (ISACA, 2022). In addition, consumers of SaaS have little or no awareness of the security posture of the provider. Also, the providers may include third-party vendors in their services and operations. So, it becomes crucial to assess and evaluate the security aspects of third-party vendors. There are situations where infrastructure and application-level security event logs may not be communicated to the SaaS customers (for example, a password-replay attack against a customer may not be reported to the customer at the right time, which may lead to a data breach). Also, the consumers may be unaware of the shared security model as the SaaS providers may not reveal the shared responsibility matrix or Complementary User Entity Controls (CUEC). In addition to the above, SaaS providers face a risk when disclosing security program details to consumers, as disclosing too many details (about security policies, procedures, standards, business continuity plans, controls, and risks) helps attackers in compromising the SaaS environment. Disclosing too little information makes the legitimate users unaware of the security posture of the provider. Further, customization of SaaS services is really challenging, as the flaws in configuration may create security vulnerabilities. Security issues in SaaS along with their solution approaches are given in Table 4.

Table 3. Major security issues in PaaS cloud and their solution approaches

Security attack: As discussed in Tank et al. (2019), there are three major causes for security issues in PaaS:
• Heterogeneity in hardware and software causes flaws as the security setting for different resources would be different
• Host in a multi-tenant environment becomes vulnerable to security attack (vulnerable host)
• The resource of objects in a host also tends to be vulnerable (vulnerable object)
Solution approaches:
• Trusted Computing Base (TCB) is a promising method to address security flaws that may arise due to heterogeneity issues and a vulnerable host (Hussain et al., 2017)
• Sensitive data associated with different resources can be kept safe using encryption

Security attack: Lack of monitoring ability on a heterogeneous workload system and difficulty in maintaining consistent security across multiple platforms or tools is a major issue in PaaS (Finsliq Blog, n.d.). In the case of a multi-cloud environment, the monitoring becomes still more complex (Raj Chelliah & Surianarayanan, 2021). It means that the host or VM or container on which the workload would be deployed will be varying with respect to time. This makes the monitoring with fixed/constant network intrusion detection more complex (TechTarget, n.d.)
Solution approaches:
• By using cloud workload protection platforms (CWPPs), unified management can be brought in which the security related controls would be packed along with workloads themselves

Security attack: If an attacker gains access to resources of PaaS with administrative privileges due to poor access control, the attacker can access not only the instances of the application but also the servers in which the instances have been deployed (FutureLearn, n.d.).
Solution approaches:
• By using robust access control mechanisms

IoT SECURITY
IoT devices typically have limited computing resources which prohibit the implementation of strong security solutions. The following research works have handled security aspects of IoT. In Abdur Razzaq et al. (2017), the authors emphasized that the usage of IoT devices keeps on increasing, whereas the majority of the IoT devices and applications are not being designed to handle security and privacy issues. Also, the authors have given an overview about the security requirements in IoT along with a description about various security attacks in a categorized manner. In Yang et al. (2017), the authors performed a survey with four segments; the first segment deals with the limitations of IoT devices, the second segment presents the classification of IoT attacks, the third segment describes architectures for authentication and access control, and the fourth segment analyzes security issues in different layers. In Imran et al. (2021), the authors have examined the past, present, and future of the IoT security issues by analyzing existing IoT security vulnerabilities. With their review, the authors have found that in the past, data security, privacy, integrity, and confidentiality were the most discussed issues. Also, they found that, in the present and future, along with the four mentioned issues, authenticity has also been included. In Hassija et al. (2019), a detailed review of the security related challenges and sources of threats, along with the role of different technologies like blockchain, edge computing, fog computing and machine learning in enhancing the security of IoT applications, has been discussed. The integration of a wide range of smart devices into the standard Internet introduces several security challenges as the internet technologies and protocols were not designed for IoT (Krishna & Gnanasekaran, 2017). Also, in the above paper, the authors have discussed IoT layered architecture, security attacks in different layers, solution approaches, and their limitations.

Table 4. Security issues in SaaS and their solution approaches

Security attack: Poor IAM and lack of user control are two major security issues in SaaS (Humayun et al., 2022). Due to lack of control, users are likely to misconfigure the application and security related settings. This may result in the exposure of data to various cyber-attacks such as malware, ransomware, etc.
Solution approaches:
• Multifactor authentication
• Robust access control mechanisms
• Protection against malicious software
• Solutions such as given in Subba Rao et al. (2023)

Security attack: Insecure APIs may lack proper role-based access control, and this leads to vulnerabilities. Most of the SaaS providers are likely to simply permit users having Internet (without explicit approval from information security and legal teams) to access and consume their SaaS applications (Asghar & Amjad, 2018; Islam et al., 2016); and this may put the organization at security risk.
Solution approaches:
• Strong authentication and authorization for access APIs
• Testing APIs for their security
• Logging and auditing of API activities such as API access, API actions, and authentication failures etc.
• API traffic monitoring

Security attack: Service Level Agreement (SLA) issues (Bernsmed et al., 2011) - Similar to other non-functional attributes, SLA should include security related parameters such as data encryption, access controls, vulnerability management, etc. Issues are likely to occur if the providers do not deliver the service up to expected level of security.
Solution approaches:
• Service users should be aware of the expected level of security from the providers
• Enforcing SLA compliance makes the service providers implement the agreed upon security related mechanisms

Security attack: Data security issues like incomplete data-deletion (data remanence), data breach, data loss, data backup, and recovery related issues
Solution approaches:
• Using encryption for data-in-transit
• Secure storage
• Life cycle management of data
• Strong authentication and robust access control

Security attack: Logical data storage segregation due to multi-tenancy - users are unaware of their data location. This can raise concerns about compliance with data protection regulations
Solution approaches:
• Data protection regulations must be transparently stated in SLA

In the review paper by Azrour et al. (2021), the authors have identified the key security issues that arise in the IoT environment and have described various IoT authentication techniques towards enhancing IoT security. In Mohanty et al. (2021), the authors have handled IoT security with two perspectives; one is with respect to different layers of IoT architecture, and the other is with respect to protocols. Further, the authors have developed security mechanisms for various protocols. In another study by Leloglu (2017), the author has discussed security requirements and challenges that are common to IoT implementations and has provided solutions for each layer of IoT architecture. In contrast to the above survey works, in the review by Abed and Anupam (2022), the authors have described major attributes related to IoT security along with potential solutions based on AI.
The most important security issues in the IoT, as described in Peerbits (2023), are:
1. An IoT device may trust the other devices in the local network and share the data to other devices in the same network, as a single device may not be able to provide extensive functionality (Trnka & Cerny, 2017).
2. In the IoT environment, devices of the same model or design are delivered with the same default passwords. Frequently, those passwords are not being updated by users. The use of default passwords is dangerous and creates vulnerabilities (Knapp, 2011).
3. IoT devices like smart TVs, phones, cameras, etc. are basically powered by processors that run on either Android or Unix operating systems. These operating systems use Android Debug Bridge (ADB) for managing communication between devices. However, there are several smart TV manufacturers that sell these TVs with an uncertified version of Android along with the ADB ports left open (QuickHeal, 2019). This results in security vulnerabilities.
4. In general, the software released for IoT devices will undergo vulnerability research, and if any vulnerability is found, then the vendors of the software will be notified. They release countermeasures as patches. When a device is not updated for the patch, it becomes vulnerable to security attacks (Prakash et al., 2022).
5. When an IoT device communicates data in the plain text form, it creates security issues such as eavesdropping.
6. A wormhole attack is an internal attack which is hard to identify as attackers simply listen to the activities of the network without altering it (Nitiynandan & Kamalakkannan, 2022).
7. The use of general-purpose computers as devices in an IoT environment also creates security issues as they permit the installation of any software and an attacker may misuse this feature. By limiting the functionality of the device, the possibilities to abuse the device can be reduced. A trusted execution environment can be created as in Apple iPhone to totally restrict the code that runs on the IoT devices.
8. Consumer devices typically store sensitive information which can be accessed by attackers, and this creates data privacy issues. Insufficient physical security of IoT devices also brings security vulnerabilities.
Security issues in different layers of an IoT application along with their solution approaches are given in Table 5.

SECURITY CHALLENGES IN THE INTEGRATION OF IoT AND CLOUD
Security becomes a major concern in the integration of IoT and cloud due to the following reasons:
1. Increased attack surface due to large scale deployment of IoT sensors: Very often, an IoT system consists of numerous sensors and gateways which make the system more vulnerable to security breaches. As discussed in Al-Garadi et al. (2020), intruders also may try to get unauthorized access as mostly the devices are operating in an unattended environment and the attack surface has been increased due to interdependent and interconnected environments.
2. Complex security management due to device heterogeneity: In general, IoT systems contain devices manufactured by different vendors. The hardware, software, protocols, and operating systems of different devices are heterogeneous. New security issues arise due to the heterogeneity of IoT applications and devices (Choudhary, 2018). Each type of device has its own security vulnerabilities. When there is a diversity, ensuring a security patch update for each type of device itself becomes difficult.
3. Difficulty in the implementation of consistent security: In addition, each type of device has its own security features. So, implementing consistent security across the heterogeneous devices also becomes tedious.
4. Increased security vulnerabilities due to lack of interoperability: The communication protocols and standards are different among devices, which leads to interoperability issues. The incompatibility and interoperability issues increase the attack surface of the system (Sadhu et al., 2022).
5. Lack of control and visibility: In general, organizations depend on third-party vendors for devices and tools. Those vendors provide only limited control over the security configurations. In addition, users of devices may not have the full visibility due to their ignorance about the internal behavior of the devices. Insufficient access control, flaw of default user credentials, and elevated permissions to users help hackers to gain unauthorized access, and close to 48% of IoT users are unaware that their devices could be used to conduct attacks (Neshenko et al., 2019).
6. Need for strong authentication and authorization control: When an IoT system is integrated with cloud, authenticating, and authorizing the devices as well as users. Authentication and authorization are the first lines of defense against unwanted actions (Putra et al., 2020).
7. Privacy issues: When data is stored in cloud, data privacy cannot be ensured as data is stored in different geographical locations where the privacy laws are different, and it is very likely that the data may be exposed to foreign entities. So, data storage must be carefully planned in sectors like healthcare where sensitive data is bulk and fragmented across insurance, pharmacy, clinical labs, etc. (Wassan et al., 2022).
8. Security and privacy issues associated with Medical IoT systems, and the need for implementing suitable countermeasures to enhance the resiliency of these systems to cyber attacks, have been discussed in Gaurav et al. (2022).
9. An identity-based privacy protection algorithm for cloud computing is proposed in Li et al. (2023).
10. Data security issues: Data breach and data loss are likely to happen in cloud due to security vulnerabilities and insider threats. In addition, data remanence also leads to security attacks.
Table 5. Security issues in different layers of an IoT application and their solution approaches

Layer: Perception layer

Security attack: Node capture attack - A hacker may tamper with an IoT device physically or electronically to extract secret key information and data and to impersonate a legitimate node, inject messages, or attempt passive attacks
Solution approaches:
• Lightweight Extensible Authentication Protocol (LEAP) protocol enhances the authentication and access control mechanisms. This can reduce the occurrences of node capture (Keerthika & Shanmugapriya, 2021).

Security attack: Compromised node attack - A legitimate node would be controlled by an attacker for an adversary action
Solution approaches:
• A behavior-based algorithm compares the behavior of neighboring nodes with one another and identifies the node with misbehavior (Xie et al., 2019)

Security attack: Replication node attack - In this attack a malicious node can use the ID and keys of a legitimate node
Solution approaches:
• This can be resolved using a unique pair key method. In this method, for every pair of nodes in a network, a unique pair of keys would be generated using cryptographic methods. So, whenever a new node is joining the network, it must establish communication with other nodes of the network using a unique pair of keys. Here, every pair of nodes would have its own unique pair of keys, and this thus eliminates the replication node attack (Xie et al., 2019)

Security attack: RF jamming attack - In this attack, an attacker sends radio signals to disrupt the communication between the RFID reader and legitimate tags (Akhtar & Feng, 2022)
Solution approaches:
• The use of frequency hopping or direct sequence spread spectrum spreads the transmission over a wider frequency band, which makes it hard for the attacker to create a jamming signal for interference
• Antijamming algorithms can be used to identify jam signals and to remove them for a reliable communication

Security attack: Tag cloning attack - In this attack, the identity related information from a legitimate tag is captured and used for a cloned tag
Solution approaches:
• Floyd-Warshall Algorithm creates a graph representation of nodes in the IoT network which detects nodes that have the same identity information and detects the cloned tag from the differences in the short path distances (Huang et al., 2020)

Security attack: Spoofing attack - In this attack, a legitimate node is impersonated by using its Media Access Control (MAC) address, IP address, or Global Positioning System (GPS) data
Solution approaches:
• Implementing software defined wireless networking (Mohammadnia & Ben Slimane, 2020)

Layer: Network layer

Security attack: Replay attack - An attacker fraudulently delays or resends valid data or commands to a receiver to misdirect the receiver
Solution approaches:
• Implementation of time synchronization-based methods and nonce value-based methods is difficult. So, an efficient mutual user authentication and secure-session-key-agreement-based method would be more useful to eliminate the replay attack (Feng et al., 2017)

Security attack: Sybil attack - In this attack a malicious node called Sybil node having multiple identities (which are obtained either by stealing or by creating fake IDs) attacks the integrity of an IoT network
Solution approaches:
• Implementing unique and verifiable identities for each device prevents the creation of fake IDs
• By analyzing the behavior and resource usage patterns, Sybil attack can be detected and eliminated (Rajan et al., 2017)

Security attack: Sinkhole attack - In sinkhole attack, the entire traffic from a specific area is diverted by a compromised node to a sink. Hoping that there exists some best route, the other nodes send the packets to the sinkhole, where the data will be compromised
Solution approaches:
• Sinkhole attacks can be handled by using secure routing protocols that authenticate the nodes and verify the path before forwarding the traffic
• The network traffic would be analyzed by calculating the number of Destination Oriented Directed Acyclic Graph Information Object (DIO) messages. The nodes for which the DIO exceeds the Upper Control Limit would be detected as sinkholes (Hachemi et al., 2020)

Security attack: Blackhole attack - A node compromised by a blackhole attack attracts the incoming traffic by advertising the wrong path that it has as the shortest route to the destination, and drops the data without forwarding (Ali et al., 2018)
Solution approaches:
• Enhanced authentication to ensure only legitimate nodes can participate in the communication
• Intruder detection and monitoring

Security attack: Wormhole attack - Wormhole attack is an internal attack which listens to the network activities without changing them (Goyal & Dutta, 2018)
Solution approaches:
• Ad hoc On-Demand Distance Vector typically results in shorter routes whereas in wormhole attack a tunnel is created between two distant nodes. Based on this difference, wormhole attack can be detected and eliminated (Goyal & Dutta, 2018)

Security attack: Man-in-the-middle attack - In this attack a malicious node is inserted between two legitimate nodes for different attacks
Solution approaches:
• Mutual authentication between the nodes helps to ensure the verification of the nodes

Security attack: DoS attack - Requested service is not available to legitimate users
Solution approaches:
• Regression modeling analyzes historical data and detects DoS from network traffic and resource utilization patterns (Nitiynandan & Kamalakkannan, 2022)

Security attack: Sniffing attack - This attack intercepts the traffic and tries to grab plain data
Solution approaches:
• Encryption, secure protocols, and traffic monitoring prevent sniffing attacks (Ingham et al., 2020)

Moreover, the following research explores different security issues in cloud-based IoT applications. The work of Deore et al. (2022) primarily focuses on the analysis of possible security threats for cloud-based IoT systems along with techniques of cryptographic solutions to address the identified challenges. In Stergiou et al. (2023), the authors have described security and management challenges of cloud computing while handling the big data exported from IoT. The authors discussed how cloud computing contributes to security and privacy related concepts during the integration of IoT-based big data. In Ahmad et al. (2022), a comprehensive survey on cloud-based IoT architectures, services, configurations, and security models has been done with a classification of cloud security concerns in IoT. The authors have classified the security concerns into four major categories: data, network and service, application, and people-related security issues. The research work by Bonkra and Dhiman (2021) explores various IoT cloud security challenges and how data on the cloud-IoT platform might be protected.
In Mohiuddin and Almogren (2020) the authors performed a study to investigate the challenges and strategies adopted by cloud computing to facilitate a safe transition of IoT applications to the cloud. In Zhou et al. (2017), the authors introduced an architecture, unique security, and privacy requirements for the next generation mobile technologies on cloud-based IoT along with efficient privacy preserving authentication method.
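The sinkhole countermeasure listed above (count DIO messages per node and flag nodes above the Upper Control Limit) can be sketched as follows. This is an added example, not code from the cited study: the mean + 3 sigma limit, the event tuple layout, and all node names and counts are assumptions constructed for illustration.

```python
"""Flag possible RPL sinkhole nodes from per-node DIO message counts.

Added illustration. The page gives only the rule "DIO count above the Upper
Control Limit"; the mean + k*sigma limit is an assumed control-chart choice.
"""
from collections import Counter
from statistics import mean, pstdev


def upper_control_limit(baseline_counts, k=3.0):
    """UCL = mean + k * standard deviation of attack-free per-node DIO counts."""
    if not baseline_counts:
        raise ValueError("baseline must contain at least one observation")
    return mean(baseline_counts) + k * pstdev(baseline_counts)


def count_dio(events, window):
    """Count DIO messages per sender inside the half-open window [start, end)."""
    start, end = window
    counts = Counter()
    for timestamp, sender, msg_type in events:
        if msg_type == "DIO" and start <= timestamp < end:
            counts[sender] += 1
    return counts


def detect_sinkholes(events, baseline_counts, window, k=3.0):
    """Return ({node: dio_count} for nodes above the UCL, the UCL itself)."""
    ucl = upper_control_limit(baseline_counts, k)
    counts = count_dio(events, window)
    suspects = {node: n for node, n in counts.items() if n > ucl}
    return suspects, ucl


# Constructed sample data (not measurements from the cited study).
# Each event is (timestamp_seconds, sender_id, rpl_message_type).
BASELINE_DIO_COUNTS = [4, 5, 6, 5, 4, 6, 5, 5]
CONSTRUCTED_EVENTS = (
    [(t, "n1", "DIO") for t in range(0, 50, 10)]      # 5 DIOs
    + [(t, "n2", "DIO") for t in range(0, 60, 10)]    # 6 DIOs
    + [(t, "n3", "DIO") for t in range(0, 60, 15)]    # 4 DIOs
    + [(t, "n7", "DIO") for t in range(0, 57, 3)]     # 19 DIOs
    + [(5, "n2", "DAO"), (70, "n7", "DIO")]           # non-DIO / outside window
)

if __name__ == "__main__":
    suspects, ucl = detect_sinkholes(
        CONSTRUCTED_EVENTS, BASELINE_DIO_COUNTS, (0, 60)
    )
    print(f"UCL = {ucl:.2f} DIO messages per window")
    for node, n in sorted(suspects.items()):
        print(f"possible sinkhole: {node} sent {n} DIO messages")
```

The baseline should come from windows known to be attack-free; a baseline polluted by a sinkhole raises the limit and hides the node it should expose.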

Solution Approaches to the Security Issues in the Integration of the IoT and Cloud
As cloud has been serving as an infrastructure backbone for various organizations for over a decade, it has gone through a set of known security vulnerabilities which can be handled via the existing cloud security services. When an IoT system is integrated, the security mechanisms at the device layer must be tightened with rigorous authentication and authorization measures. In Alizai et al. (2018), a lightweight, multi-factor authentication scheme has been described. In Zhou et al. (2019), one-hashing and XOR-based two-factor authentication has been presented. In Ahmed et al. (2021), special focus has been given to machine learning-based authentication and authorization.
Like any other user, an IoT system interacts with the cloud via a gateway. Very often, the devices of an IoT system are scattered across different geographical locations, so utmost care must be taken in maintaining device integrity. Software-defined networks (SDNs) offer unique and attractive solutions to manage large scale IoT networks. SDN-IoT network collaboration can be established with enhanced security by transforming heterogeneous controllers into a homogeneous group of controllers as presented in Sood et al. (2020). In addition to efficient device management, the availability of the IoT ecosystem must be ensured. Distributed DoS attacks can be addressed by obtaining probabilistic knowledge about whether a user is malicious or not by observing the network for a long time with a Bayesian game theory-based solution as described in Dahiya and Gupta (2021).

Layer: Application layer

Security attack: Code injection attack - An attacker inserts malicious code in the application.
Solution approaches: Validation of inputs, secure code practices, regular security updates, and testing the applications for vulnerabilities related to code injection.

Security attack: Buffer overflow - An attacker can overwrite the memory of an IoT application.
Solution approaches: Input validation and bound checking. Hardware assisted buffer overflow detection and elimination (Xu et al., 2018).

Security attack: Phishing attack - An email or message of a higher-level authority would be used for the attack.
Solution approaches: A strong authentication mechanism helps in eliminating phishing attacks. Email filtering and anti-phishing solutions can prevent phishing. Phishing attacks can be addressed in a proactive manner by aggregating signatures of legitimate websites at the source (Nirmal et al., 2020).

Security attack: DoS attack - An attacker, as though a legitimate user, logs into the application and creates DoS.
Solution approaches: Message Queuing Telemetry Transport protocol, Advanced Message Queuing Protocol, and Constrained Application Protocol can be implemented with a rate limiting mechanism to limit the number of messages from a single source (Swamy et al., 2017).

Further, an intrusion prediction system which can predict botnets in Automated Guided Vehicles (AGV) has been presented in Shaikh et al. (2022). The IoT devices must be continuously monitored for their proper behavior. There are solutions such as the one discussed in Cvitić et al. (2021), which classifies the IoT devices into different classes according to the network traffic generated by them and helps in the monitoring and management of large heterogeneous IoT environments. Different kinds of Intruder Detection Systems (IDS), like host-based IDS for monitoring devices and network-based IDS for monitoring the IoT network, should be included for the detection of potential intrusions and anomalies. An ensemble learning CatBoost model with a Bayesian optimization approach for efficient detection of malicious activities and anomalies has been described in Nayak et al. (2022).
Document Object Based cross-site scripting vulnerabilities in mobile cloud-based online social networks can be alleviated by a runtime Document Object Model (DOM) tree generator and a nested context-aware sanitization-based framework (Gupta et al., 2017). A chaotic whale crow (CWC) optimization framework for secure data communication and routing based on selected trusted nodes, which are identified through various direct, indirect, forwarding rate, integrity, and availability factors, has been described to resolve the security issues associated with IoT networks (Raj & Pani, 2022). In Li et al. (2019), a framework to enhance the security of the cloud-based IoT context through trustworthy cloud services has been presented. Also, an identity-based privacy protection algorithm for cloud computing is proposed in Li et al. (2023).
IoT devices are shipped with default password settings. These passwords should be updated (Russell et al., 2015). Firmware and software updates must be done securely (Bettayeb et al., 2019). Implementing new industry-wide standards and best practices helps to resolve security in IoT (Karie et al., 2021). Further, implementation of security must be considered in the design stage itself. Security features such as secure firmware, a strong authentication mechanism, and secure coding must be thought through during the design stage itself. Each device type must be configured correctly for its application and security setting. Any misconfiguration may lead to potential threats. The debugging ports which are used for testing the IoT devices and applications should be closed once the debugging is completed. Vendors of IoT tools and devices must explore the possibility of explicitly providing more control and visibility without compromising the security. Security penetration testing and vulnerability scanning should be done regularly to detect weaknesses in the IoT network and to take appropriate countermeasures. Logging all activities in an IoT network stores information about various activities, events, and interactions within the system, including user actions, device operations, network traffic, and security events. Log records help to identify security threats and malicious activity in an IoT environment. Security auditing evaluates the security practices and processes in order to assess their compliance with security standards and regulations. It also helps to detect weaknesses in security implementations. Security compliance testing must be performed as a routine task. It ensures that appropriate security measures have been taken to safeguard the assets.

IoT CLOUD INTEGRATION PLATFORMS
The integration of IoT and cloud is preferred to meet the needs of many real-life applications, such as smart city, smart home, healthcare, agriculture, etc. The integration is simplified with the help of commercially available IoT-cloud integration platforms. The commercially available integration platforms are preferred over developing one's own platform for connecting to the cloud due to the following reasons:
1. At first, one must validate the business case under study with the proposed integration platform to check whether all the requirements of the problem in hand would be fulfilled by the platform.
2. Various technical challenges are associated with the development of an integration platform.
3. A large development team is required.
4. The process of developing one's own platform is time consuming.
5. Implementing security would be one of the major concerns.
In contrast to these difficulties, the commercially available IoT-cloud platforms are available as already proven solutions. Such platforms can immediately cater to the needs of large scale IoT applications. IoT-cloud platforms provide seamless connectivity between the IoT system and cloud. So, the IoT application can securely avail different services offered by the cloud. These platforms facilitate the development of a cloud-based IoT ecosystem in a short time. The IoT-cloud platform sits as an intermediate layer between the IoT system and cloud, as seen in Figure 2.
As in Figure 2, the IoT system consists of sensors and protocols that transmit the data to IoT cloud platforms. As mentioned earlier, the platform is the gateway to access various capabilities including device connectivity and management, data storage, data processing, visualization, and security. To provide an insight about IoT-cloud platforms, a brief overview about the most popular IoT-cloud platforms, namely AWS IoT platform, Microsoft Azure IoT platform, Cisco IoT Cloud connect, IBM Watson IoT, and Google Cloud IoT, has been described in the subsequent subsections.

AWS IoT Platform
Different services of AWS IoT platform include:
1. AWS core service: This service establishes a secure connection and interaction between IoT devices and cloud application. It can access billions of devices, process the messages from all devices, and keep track of devices.
2. AWS IoT device service: This service monitors IoT devices for their functionality at a large scale and troubleshoots the malfunctioning of the devices.
3. AWS IoT device defender: This service provides security. It creates and manages device identity, device authentication, and device authorization and provides data encryption.
4. AWS IoT analytics: This service facilitates analysis of huge data collected from IoT devices using machine learning algorithms.
5. FreeRTOS: This is an operating system for microcontrollers, and it can be used in edge computing for performing real-time tasks.
6. AWS IoT Greengrass: This service is used to build and manage IoT applications at the edge.
In AWS IoT platform, AWS IoT device defender performs the security related functions as shown in Figure 3 (Amazon Web Services, n.d.).

Figure 3. AWS IoT device defender in implementing security related functions
Security related use cases of AWS IoT device defender include:
• Authentication and authorization with X.509 device certificate.
• Continuous monitoring of security metrics collected from an IoT device with the help of AWS IoT core.
• Update device for firmware and software updates with the help of AWS IoT device management.
• Establishment of device connection, identity creation, control, and management using AWS IoT management.
• Analysis of security related metrics using machine learning algorithm for detecting anomalies.
• Continuous monitoring and detection of attack vectors and initiation of the mitigation process.

Microsoft Azure IoT Platform
The core services of Microsoft Azure-IoT platform are categorized into devices, insights, and actions.
The following are the devices related services:
1. Azure IoT Hub Device provisioning service: This service facilitates the registration of IoT devices in a large scale in a secure manner.
2. Azure-IoT Hub: This service is the cloud gateway service used to connect and manage IoT devices.
The following are the insights related services:
1. Azure Stream Analytics/Azure HDInsight: It performs near real-time analytics.
2. Azure Data Explorer: It is used for storing and analyzing large volumes of data.
3. Azure Data Lake Storage: It stores large volumes of data.
4. Azure Machine Learning/Azure Databricks: It analyzes stored data.
The following are the actions (management and business integration) related services:
1. Power BI: It connects to AI-based models and enables data-driven decisions.
2. Azure Maps: It helps to create location-aware applications.
3. Azure Cognitive Search: It provides a cognitive-based search facility.
4. Azure API Management: It provides a single place to manage all APIs.
5. Azure App Service: It deploys web applications at scale.
6. Azure Mobile Apps: It builds cross platform and native mobile apps.
When a new device is created, Azure-IoT Hub provides two authentication methods for establishing communication between the device and the hub. They are Shared Access Signature (SAS) token-based authentication with a symmetric key and X.509 certificate-based authentication. Also, in the Azure IoT platform, the Azure Security Center for IoT service (InfoQ, 2019) provides end-to-end security for IoT deployment, as shown in Figure 4. It helps in identifying security threats and responding to emerging threats and handles issues in configurations. Azure Security Center for IoT also creates ranked lists of possible misconfigurations and insecure settings, allowing IoT administrators and security professionals to fix the most important issues in their IoT security posture. It creates a list of potential threats, ranked by importance, so that the security operators can remediate problems.
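The SAS token method mentioned above can be made concrete with the following added example, which is not code from the paper or from Microsoft. It builds a token in the documented `SharedAccessSignature sr=...&sig=...&se=...` layout and then runs the checks a verifier has to make (signature, expiry, scope); the verifier function, the hub name, the device IDs and the key are assumptions constructed for illustration.

```python
"""SAS token with a symmetric key: device-side creation and the checks a
verifier must perform. Added illustration; the verifier is a sketch of the
required checks, not Azure's implementation."""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote_plus, urlencode

PREFIX = "SharedAccessSignature "

# Constructed values: not a real hub, device, or secret.
DEMO_RESOURCE = "example-hub.azure-devices.net/devices/dev1"
DEMO_KEY_B64 = base64.b64encode(b"constructed-demo-key-not-a-real-secret").decode("ascii")


def _sign(resource_uri, expiry, key_b64):
    """HMAC-SHA256 over '<url-encoded resource>\\n<expiry>' with the decoded key."""
    to_sign = f"{quote_plus(resource_uri)}\n{expiry}".encode("utf-8")
    mac = hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def generate_sas_token(resource_uri, key_b64, ttl_seconds, now=None):
    """Device side: token bound to one resource URI and one expiry time."""
    now = int(time.time()) if now is None else int(now)
    expiry = now + ttl_seconds
    fields = {
        "sr": resource_uri,
        "sig": _sign(resource_uri, expiry, key_b64),
        "se": str(expiry),
    }
    return PREFIX + urlencode(fields)


def verify_sas_token(token, requested_resource, key_b64, now=None):
    """Verifier side: returns (accepted, reason)."""
    now = int(time.time()) if now is None else int(now)
    if not token.startswith(PREFIX):
        return False, "malformed"
    fields = parse_qs(token[len(PREFIX):])
    try:
        sr, sig, se = fields["sr"][0], fields["sig"][0], int(fields["se"][0])
    except (KeyError, ValueError):
        return False, "malformed"
    # Check the signature first, in constant time, before trusting sr or se.
    expected = _sign(sr, se, key_b64)
    if not hmac.compare_digest(expected.encode("utf-8"), sig.encode("utf-8")):
        return False, "bad signature"
    if se <= now:
        return False, "expired"
    # The token only covers its own resource or paths beneath it.
    if requested_resource != sr and not requested_resource.startswith(sr + "/"):
        return False, "out of scope"
    return True, "ok"


if __name__ == "__main__":
    token = generate_sas_token(DEMO_RESOURCE, DEMO_KEY_B64, ttl_seconds=3600)
    print(token)
    print(verify_sas_token(token, DEMO_RESOURCE, DEMO_KEY_B64))
```

Because the signature covers both the resource URI and the expiry, a captured token cannot be re-scoped to another device or extended in time, which is why short lifetimes and per-device keys limit the damage of a leaked token.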

Cisco IoT-Cloud Connect
Cisco IoT-cloud connect is a mobility cloud-based software suite. It fully optimizes and utilizes the network. Cisco provides IoT solutions for networking, security, and data management. The following are services provided by Cisco IoT-cloud connect:
1. It provides granular and real-time visibility over every level of network.
2. It provides updates for every level of the network.
3. It protects the control system from human errors and attacks.
4. It provides increased visibility and control by defending against malware and intrusion and offers centralized security controls.
As a secure network-as-a-service, it can optimize the performance and security of every connection, providing end-to-end protection for users and devices across multiple clouds and networks.
It protects the entire IoT systems against every aspect of the unpredictable by securing each device, user, and point of attack to stop more threats.
The key point in Cisco IoT-Cloud Connect with respect to security is the implementation of a security foundation using trust relationships between the entities of the IoT system, as shown in Figure 5 (LearnIoT, n.d.). Trust is built across different layers and entities of IoT using the following aspects:
1. Only authorized and trusted devices can connect to the network.
2. Trust is established among the entities using strong authentication with certificates and robust access control mechanisms.
3. Trust across layers is brought by secure communication by using encryption protocols like IPsec, TLS (Transport Layer Security), etc.
4. Cisco builds trust by implementing continuous threat monitoring.
5. More importantly with security analytics and visibility services, Cisco gains deeper insights about the IoT environment.

IBM Watson IoT
IBM Watson IoT Platform - Message Gateway (IBM, n.d.) is the core service of IBM Watson IoT platform. It connects users and devices on the Internet to the platform through the Message Queuing Telemetry Transport (MQTT) protocol with two kinds of publishing, namely point-to-point messaging and topic-based publish-subscribe messaging. The platform investigates the data from devices and extracts the meaningful information for better decisions. It optimizes the operations and resources. It provides AI-based real-time analytics, domain expertise, flexible solutions, and security. Also, analytics as a service is an add-on of the platform.
The IBM Watson IoT Platform offers integrity for IoT solutions with security by design and is certified under the International Organization for Standardization (ISO) 27001 standard, which defines the best practices for information security management processes. Basically, it implements security using authentication, authorization, and encryption.
The platform supports connectivity over TLS v1.2. Certificates and security policies can be used to enhance device connection security. Blacklists can be used to specify devices that are not allowed to connect. Whitelists can be used to allow specific devices to connect. Also, IBM Watson IoT Platform Advanced Security visualizes critical risks and enables the creation of policy-driven mitigation actions.

Google Cloud IoT Platform
The main components of Google Cloud IoT platforms (Google Cloud, n.d.) are as follows:
1. Device manager: It is used to register the devices.
2. Protocol bridges: The registered devices connect to the IoT platform using MQTT or HTTP.
3. Cloud Pub/Sub: This component receives the forwarded data and triggers cloud functions.
Google IoT-cloud provides a multi-layered secure infrastructure for building an IoT ecosystem with improved operational efficiency and predictive maintenance of equipment. It analyzes the data using machine learning algorithms and provides immediate business insights.
Google IoT-cloud platforms provide end-to-end security using asymmetric key authentication. Each device is authenticated individually with a pair of keys. Google IoT-cloud provides the following cryptographic algorithms for signing and verifying digital signatures:

ES256_X509: This refers to the combination of the Elliptic Curve Digital Signature Algorithm with the X.509 certificate format.
5. The communication between a device and cloud takes place using TLS v1.2, which provides strong encryption and protection against eavesdropping, tampering, and data forgery during data transmission. It uses symmetric and asymmetric encryption algorithms to establish secure connections.
6. Cloud-IoT Core API access is controlled by Identity and Access Management (IAM) roles and permissions.

How IoT-Cloud Platforms Make the Integration Simple and Secure
The IoT-cloud integration platform can resolve the security challenges effectively and enables a seamless integration. First, because cloud computing has been a well-established and mature technology for over a decade, its security aspects have been thoroughly developed and reinforced through various tools and platforms. Several industries use the cloud as their primary infrastructure to support long-term data storage and data backup for recovery during disaster and to perform deeper analytics using historical data. Secondly, cloud is employing several AI-based techniques to monitor and detect security related issues. In addition, predictive algorithms assist in taking appropriate countermeasures against the anticipated issues. Cloud proactively implements various security mechanisms against both known and predicted vulnerabilities. Ultimately, the security attacks in IoT devices and networks can be addressed efficiently through the specialized security services of IoT-cloud platforms:
1. Centralized security management: The IoT-cloud platform permits the implementation of centralized security management. The devices of IoT networks would be monitored in a unified manner, which helps in enhanced security governance across the large deployment of IoT devices.
2. Centralized device registration: Each device must be registered in the IoT-cloud platform, which prevents the inclusion of any unwanted or malicious device into the network.
3. Centralized device integrity: No new device can enter the cloud-based IoT network without device registration. Only registered devices can connect to the cloud after proving their authentication. Further, according to ACL and RBAC, the device will be given permission to access the resources according to the previously defined privileges. This ensures device integrity. The key point to be noted here is that the integrity is achieved in a centralized manner.
4. Enhanced authentication and authorization: IoT cloud platforms, by implementing stringent authentication protocols and robust access control policies, prevent unauthorized access and device impersonation.
5. Secure data transmission: IoT-cloud platforms help in ensuring the communication of data in its encrypted form with the help of encryption protocols like TLS.
6. Secure data storage: Cloud provides secure storage of data along with proper storage-access controls. This helps to maintain the integrity and confidentiality of data.
7. Continuous security monitoring: The IoT-cloud platforms provide services for continuously monitoring devices, behavior of devices, networks, workloads, applications, etc. in an end-to-end fashion and collect data related to security metrics. These metrics are analyzed to identify the security related threats and to raise alerts for suitable countermeasures.
8. Regular software update: The IoT-cloud platform makes the update of firmware, software, and configuration settings easier.
9. Regular security audit and compliance: Security audit and compliance becomes a part of the regular tasks of the IoT-cloud platforms, which helps to ensure that proper security processes are in place to safeguard the assets.
10. Data life cycle management: The platform helps to enhance data security and data privacy through data life cycle management.
11. Intruder detection: With efficient monitoring tools, the platform performs routine intruder detection across IoT networks and across different layers of cloud.
12. Predictive analytics for detection of potential threats: The entire IoT ecosystem is monitored for threats using AI-based algorithms. The prediction helps in taking proactive countermeasures in case a weakness is predicted.

FULFILLMENT OF BASIC SECURITY REQUIREMENTS IN AN IoT ECOSYSTEM
Basic security requirements of any IoT system should include confidentiality, integrity, availability, and privacy. How these requirements are fulfilled across different layers of a cloud-based IoT system is discussed in this section:
1. Confidentiality: Confidentiality refers to the prevention of data from being accessed by unauthorized persons. This requirement is built based on authentication and authorization. With respect to the perception layer, the data and programs should be protected from disclosure and tampering. In the communication network layer, it should be confidentially transferred. Also, confidentiality should be maintained during storage and processing. In the application layer, the data should be accessed by the specific user for whom it is intended. Authentication and authorization play a vital role in implementing confidentiality. Authentication verifies one's identity. Authorization grants or denies access to resources based on access privileges, permissions, and roles. With these mechanisms, unauthorized access to data is prevented, and thus confidentiality is maintained.
2. Integrity: Integrity refers to the protection of data and programs from being altered by unauthorized users. In the perception layer, in addition to data and programs, the integrity of a device is very important. During communication, storage, and processing the integrity of data should be preserved. In the application layer, integrity of data and application programs should be preserved. Here also, by authentication and authorization, access of resources by unauthorized persons can be prevented. Data integrity will be maintained.
3. Availability: Availability ensures that all IoT services and devices are accessible only to legitimate users. By authentication and authorization, IoT platforms can prevent DoS attacks and can ensure that system resources are available only to legitimate users.
4. Privacy: Privacy protects the personal or sensitive information of a user from other individuals. It is more relevant to the application layer. Through implementation of strong authentication and strict access control, exposure of sensitive information may be prevented.
Thus, authorization and authentication are the very basic mechanisms to realize confidentiality, integrity, availability, and privacy. The fulfillment of basic security requirements across the different layers of a cloud-based IoT ecosystem is given in Table 6.
As defined in Pal et al. (2020), there are many other security requirements like key management, trust, non-repudiation, accountability, usability, reliability, data-freshness, load balancing, mobility, fault-tolerance, location-privacy, etc. So, the security administrator and operators must analyze the security requirements for a particular IoT application in hand. In addition to the basic security requirements, the consumers must necessarily implement the additional security requirements according to the application requirements. The consumers should keep in mind the shared responsibility model of cloud security and implement the required security services from the cloud to meet the specific security needs of the application. Further, the consumers should be conscious of the inclusion of various security related attributes into the Service Level Agreement (SLA). The security solutions should be provided by the providers according to the level mentioned in the SLA.

LIMITATIONS
Apart from the benefit of cloud in providing the resources for storage, processing, analytics, and visualization for IoT applications, the integration of IoT with cloud has brought in increased security challenges on both sides. This means that the vulnerabilities in the cloud may influence the IoT system and vice versa. So, robust security mechanisms must be implemented and security monitoring should be done to proactively look for security weaknesses and perform timely countermeasures. IoT-cloud platforms facilitate the secure integration through the readily available proven best security practices. The following are major limitations in the cloud-based IoT environment:
1. Ensuring privacy in a cloud-based environment is very difficult due to variations in the laws and regulations of privacy among countries, while cloud inherently deals with data storage across different geographical locations.
2. Despite the best security implementation, human errors may occur in the configuration of infrastructure related settings, platform related settings, application related settings, and security related settings.
3. Lack of visibility into devices and their internal operations (as vendors do not reveal much information to users) makes the user configure the devices with flaws, which again poses serious issues.
4. Implementing access control is really challenging in a large scale computing environment where numerous devices, users, and gateways are interacting with one another. As access control is implemented through various forms like ACL, RBAC, ABAC, and other policies while dealing with several platforms, applications and hardware, errors are more likely to occur.
5. Despite the implementation of security tools, insider or intruder threats in both the IoT environment and the cloud environment still pose a big issue, as both industries are involved with a wide range of stakeholders, like device manufacturers, third-party hardware and software vendors, service providers, certificate providers, etc.

CONCLUSION
The IoT world is growing with an exponential increase in the number of devices connected to the Internet. Cloud computing becomes an inevitable element of an IoT ecosystem to provide resources for storing IoT data, to assist in the analysis of data, and to support visualization and actions. Obviously, the integration of cloud and IoT increases the security threats on either technology. The IoT system may get exposed due to the security vulnerabilities and vice versa. This paper comprehensively reviews the security issues that are likely to occur when the two are merged. For an industry, developing its own connectivity solution to cloud involves more effort, a high cost, and a long time. Despite these, the business case needs a proof-of-validation before its development. Here, commercially available IoT-cloud platforms readily enable industries to simplify the integration. Moreover, such platforms are packed with several security mechanisms to address the evolving security issues. Machine learning algorithms are extensively used for predicting potential threats so that people can take appropriate security measures in time to protect the resources. Cloud extends its centralized security monitoring and management services to cover a wide range of tasks to maintain device integrity, data protection, system availability, and privacy protection. Despite all these security measures, one cannot ensure that an IoT ecosystem is completely safe and secure due to manual errors, insider threats, intruders, physical threats, and threats associated with third-party vendors and service providers themselves. Apart from these, in the future IoT is moving forward to its next generation with more and more devices, 5G and improved connectivity, edge AI, etc., which will obviously require robust security measures. Future research needs to address the security needs of next-generation IoT networks.