Article Preview
TopIntroduction
The IoT has become a buzzword in recent years. First and foremost, try to comprehend the meaning of this term. The IoT comprises two words: the Internet and things (Yashiro et al., 2013). The Internet is referred to as a “network of networks” in the networking field. The following word, “things,” refers to any electronic device that is connected to the Internet. Air Conditioner (AC) in our home is connected to our phone via the Internet. When we leave the office, AC will access our location from our phone's GPS and will turn on automatically. With sensors and actuators, AC will automatically sense the outside temperature and adjust the room temperature accordingly. IoT devices do their work efficiently, that is why these devices are called smart devices. Almost every device that we have has become a smart device. Two decades ago, we just had cell phones, now they are called smartphones, and these advancements are not over here. We have smartwatches, smart bulbs, smart fans, smart refrigerators, etc. Smart City is the best and most complex type of IoT structure because it includes all IoT devices (Memos et al., 2018).
The primary function of a smart device is to communicate directly to give services without human intervention (Tahsien et al., 2020). IoT is an interconnection of different devices in which one domain device is communicating with another domain device to provide reliable services. These devices run on different architecture and use different types of communication technologies and protocols. The interconnectivity of devices, on the other hand, creates enormous security issues.
Security and privacy are important topics in IoT, but there is less focus on these parameters because the main aim is to make the device smart with fewer resources. Due to the characteristics mentioned above, IoT devices are easily attacked (Abomhara & Koien, 2015; Ahmed et al., 2019). Attacks on IoT can be categorized into active and passive attacks (Nawir et al., 2017). Active attacks are those attacks where invaders try to manipulate the functioning and services of the system. These attacks include the Sybil attack, a man in the middle attack, Denial of Services (DoS) attack. In contrast, passive attacks are where the intruder is accessing user information without their knowledge. Passive attacks include eavesdropping and analyzing traffic patterns. Privacy leakage is the effect of a passive attack (Tahsien et al., 2020). There are several ways attacks can take place, including denial of service attacks, data breaches, and malware infections. Denial of service attacks can disable devices or networks by overwhelming them with traffic, while data breaches can occur when attackers gain access to confidential information. Malware infections can allow attackers to take control of a device or use it to launch further attacks. Fortunately, there are several security solutions that can help to protect against these attacks. By implementing these solutions, resource constrained IoT devices can be better protected against the growing threat of attack.
The application of IoT can be seen in every industry. There have been a great number of investigations into the privacy and safety of IoT, the majority of which are still in the testing phase of their development. Therefore, the purpose of this study is to investigate the IoT in its entirety, from the system's architecture to its various layers of security. In attempt to make this manuscript up to date, the authors incorporated findings from more recent studies.
In this study, attacks on IoT and security solutions are discussed. The remaining sections are divided as follows: Section II summarizes the related work and briefly highlights the contribution of this study. Section III demonstrates the IoT elements and their working; this section provides details of different architectures and elements used in IoT and their functioning of IoT devices. Section IV explains attacks on IoT; provides details of different IoT attacks. Further, IoT attacks are divided into two categories physical and cyber-attacks. Section V provides detailed security solutions; these solutions are divided into four categories. Section VI is about making IoT systems secure; this section provides future directions and details of steps that should be taken to enhance IoT security. The last section is the Conclusion, which provides a summary of the manuscript and the challenges that occur in IoT security.