Layer-based examination of cyber-attacks in IoT

2022 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA) | 978-1-6654-6835-0/22/$31.00 ©2022 IEEE | DOI: 10.1109/HORA55278.2022.9800047

Ahmet Nusret ÖZALP Zafer ALBAYRAK Muhammet ÇAKMAK Erdal ÖZDOĞAN

Computer Engineering Department Computer Engineering Electric-Electronics Engineering General Directorate of Basic
Karabuk University, Department Department Education Ministry of National
Karabuk, Turkey Sakarya University of Applied Karabuk University, Education
ahmetnusretozalp@[Link] Sciences, Karabuk, Turkey Ankara, Turkey
Sakarya, Turkey muhammetcakmak@[Link] erdalozd@[Link]
zalbayrak@[Link]

Abstract—The Internet of Things (IoT) is a network of millions literature, studies are recommended to take measures
of smart devices and sensors connected to a network. These according to the usage areas of IoT devices, protocol
devices are used in smart cities, public transportation, smart structures, and security policies of networks [4]. It is also seen
grids and power transmission lines. Considering IoT devices as that Machine learning algorithms are used in architectures
a sensor that can be connected to a computer network, it has
designed to secure the networks to which IoT devices are
been seen that they are under many cyber threats. In this study,
the concept of security in IoT devices is expressed according to connected [5,6]. In particular, the security of IoT devices in
layer architectures, and security requirements in IoT devices production-oriented networks must be ensured according to
cloud layer, application layer, network layer, data layer, and the continuity and accuracy analysis. In this regard, Mrabet et
physical layer are analyzed. Possible vulnerabilities and attacks al. (2020) has worked on IoT security based on layered
against IoT devices have been examined by layers and next, IoT detection and data analysis architectures. As seen in Table 1,
attacks are classified and layer-based security requirements are in the classification made according to IoT security levels,
explained. security risks emerge more prominently. This situation shows
the importance of layer-based security analysis. For this
Keywords— cyber security, cyberattacks, internet of things
networks, sensors, vulnerability
reason, IoT devices must be configured correctly according to
possible attacks.
I. INTRODUCTION
Today, Encryption algorithms are used against attacks on
The most important feature of the Internet of Things (IoT) IoT devices and filtering techniques are used for some
is its widespread use and easy adaptation to computer security threats. Some architectures, as shown in Figure 1, are
networks. It is widely used in areas such as health, e-city, proposed to ensure security in IoT networks using machine
smart buildings, production, and energy transmission lines learning algorithms. Such recommendations are usually based
[1]. The IoT network can be easily accessed and information on the layer architecture. With various security control
can be collected from a large number of sensors recommendations, it is aimed to reduce the exposure rate of
communicating with each other. The increase in IoT networks IoT devices at the physical layer to attacks. When the usage
along with the decrease in sensor costs has revealed the areas of IoT devices are examined, it is seen that most of them
security requirements of IoT devices. In this architecture, are connected to the internet environment. According to
where many devices can be connected due to privacy and Statista's 2020 data, while the number of devices available is
security problems, the number of attacks including security 22 billion, it is expected to reach 50 billion in 2030. Increasing
vulnerabilities such as authentication, access control, privacy, attacks on devices in this rapidly expanding field have led
data integrity, and device management is increasing [2]. One researchers to focus primarily on security vulnerabilities. It
of the reasons for the increase in attacks against IoT devices enabled IoT devices to be integrated into the developing cloud
is that they have weak encryption algorithms. Home-based technologies by connecting to the network. Thus, it was
IoT devices are becoming a part of daily life. For analysis and revealed that cloud architectures should also be evaluated
comparison of incremental attacks on these devices, studies according to security policies [5]. The use of IoT devices,
have been done [3]. In attacks against IoT devices, devices especially in critical areas such as health and energy
with limited memory are commonly manipulated with packets transmission lines, creates a priority assessment of attack
sent to the devices. For example, with Distributed Denial of risks. In the cybersecurity policies that are generally
Service (DDoS) attacks, the device is denied service at the evaluated, the layers where the devices are active are taken
network-layer level because it consumes resources and sends into account [6]. When this approach is applied to IoT devices
repeated packets. Malware attacks can prevent the software with weak encryption algorithms, the evaluation of layer-
on the device from working properly. One of the other attacks based risks facilitates the detection of attacks and taking
is by manipulating the network by interfering with the data precautions [7-10].
exchange between IoT devices or by simulating another IoT
device. For this reason, the necessary configurations of the
devices should be made against possible attacks. In the
978-1-6654-6835-0/22/$31.00 ©2022 IEEE
Authorized licensed use limited to: UNIVERSITE DE TUNIS EL MANAR. Downloaded on January 01,2023 at [Link] UTC from IEEE Xplore. Restrictions apply.
 All Information
according to vulnerability types. Suggestions were made for
Application Layer
Services Intelligent IoT device security and management. It is thought that
Information
Transfer
working with these features will be a resource for researchers

IoT Network Securıty Management

who will work in the field. The rest of the work is organized
Cloud computing as follows. In the first section, information about IoT
Support Layer
Smart Calculation technologies and IoT security is given. The current status of
IoT devices regarding security problems and literature studies
Mobile Network have been examined. In the second section, the security
Communication
Network Layer Protocol Nets, architectures of IoT devices were investigated. Areas, where
Network Devices, IoT devices are widely used, were identified, and possible
Communication
Protocols attack points and attack profiles were revealed. In the third
section, the studies against vulnerabilities and attacks in areas
Physical Layer Sensors, where IoT devices are widely used are examined. For this
RFID, GPS purpose, the strengths and weaknesses of the protocol-based
encryption algorithms are emphasized while examining the
Fig. 1. IoT layer architecture. IoT connection protocol properties. In the fourth chapter,
This situation motivated us to work in this field. The use attacks against IoT and IoT security vulnerabilities are
of IoT devices, especially in critical areas such as health and examined. Next-generation attack types are classified
according to the physical layer, data layer, network and
energy transmission lines, creates a priority assessment of
application, and security layer [Link] the fifth section,
attack risks. In the cybersecurity policies that are generally
while existing vulnerabilities are evaluated in terms of IoT
evaluated, the layers where the devices are active are taken devices, layer-based attacks are examined according to the
into account [6]. IoT security architecture. Finally, the findings are
TABLE I. EXAMPLES OF IOT ARCHITECTURE AND SECURITY LEVELS [6] summarized and possible future studies are discussed in the
Security Security
results section.
Layer Data Policy Threats &
Attacks II. BACKGROUND
Data and Cloud AWS IoT AES Poisoning
Services Bosh IoT RSA Evasion IoT devices are used in many applications to facilitate
Cisco IoT ABE Impersonate human life. An IoT device is encountered wherever there are
Google IoT Inversion
Oracle IoT
computer networks, from transportation to dark factories or
from smart buildings to smart cities. IoT devices have the
Application Layer Web sockets, AES Mirai malware ability to easily integrate into mobile networks and expand
MQQT RSA IRCTelnet
CoAP ABE Injection the network. With this feature, the fast-growing network
HTTPS structure reveals problems in protecting the confidentiality
SMQTT
and integrity of data. Information security problems can be
Transport Layer TCP/IP IDS TCP flooding
TLS/SSL Authentication UDP flooding seen in Table 2, analysis and solutions for security
UDP/IP SYN flooding requirements in the IoT ecosystem. With the increasing
De-
synchronization number of IoT devices and the expansion of networks,
network analysis and attack detection studies are carried out
Network Protocol DSM/UMTS, RSA DDoS using machine learning and deep learning methods. There
Layer LoRA, Ethernet 3DES Privacy tracking
LTE AES MiTM have been studies investigating IoT devices with specific
NFC DSA Bluebugging methods such as Q learning algorithms as well as machine
Bluetooth, ECDH
WiFi learning and deep learning algorithms [8]. The data collected
BLE with sensors should be transmitted in this ecosystem in line
Zigbee
WiMAX
with cybersecurity principles and data integrity should be
Physical Sensing RFID, Sensors Authentication Eavesdropping protected. When the IoT protocol and security requirements
Layer WSN, WBAN Faraday Cage Cyber-phtsical are evaluated, an architecture similar to the TCP network
QRCode Present RFIS Tracking
model emerges. During the flow of information from the
When this approach is applied to IoT devices with weak physical layer to the application layer, security needs can be
encryption algorithms, the evaluation of layer-based risks examined according to the devices that collect data and the
facilitates the detection of attacks and taking precautions [7- protocols used. At the physical layer, IoT devices collect data
10]. This situation motivated us to work in this field. with the help of ethernet, wireless, mobile networks or
personal networks. 6LowPAN and RPL protocols are used to
In this study; first of all, the studies conducted with the
create a cable sensor network at the stage determined as the
security requirements classification for attacks against IoT
devices were examined, and possible attack risks were internet layer in the TCP reference model. 6LowPAN is used
examined by examining communication protocols and to transport packet data in IPv6 format over IEEE 802.15.4.
properties in the literature. Layer-based measures to be taken With this feature, it is a wireless solution used in IoT
against MiTM, DDoS, and replay attacks, which are networks. It is important that data is sent and transmitted
commonly seen against IoT devices, were examined. Cyber seamlessly from end to end during the Transport Layer phase.
attacks on IoT devices, which are contributed to the studies in User Datagram Protocol (UDP) is preferred for performance
the literature, were examined on a layer basis according to the measurement and evaluation for IoT applications. MQTT,
Open Systems Interconnection (OSI) layer architecture. In CoAP, XMPP, AMQP, and HTTPS are important as IoT
addition, another contribution to existing studies is that protocols at the application layer. In order for data to be
security risks evaluated on a layer basis are compared
Authorized licensed use limited to: UNIVERSITE DE TUNIS EL MANAR. Downloaded on January 01,2023 at [Link] UTC from IEEE Xplore. Restrictions apply.
transmitted securely between transmission points, it must be When the types of attacks are examined according to
encrypted with the Transport Layer Security (TLS) protocol. application areas, we see that industrial IoT devices have a
high risk of attacks. Many of the IoT devices that end-users
TABLE II. IOT ECO-SYSTEM use in daily life are entertainment, security, health, and
IoT Data Connect Inter- Analysis Applications financial devices. Besides, the safety requirements of devices
Fields Receive Types connected and in areas such as energy transmission lines called critical
Metods Data Sets Solution infrastructure should also be taken into consideration. For the
Smart IP Cam ZigBee, Population Deep Cloud security of IoT devices, authentication and access controls
Cities Sensors NFC, Density Data Learning Computing must first be enabled. Studies have shown that devices reduce
Intelligent GPS Wi-Fi, Economic Machine Conect to
Buildings Smart DECT Data Learning Software cyber-attack threats even with simple operations such as
Production Cards ULE, Geographical Data Service software updates [11]. The high number of IoT devices used
and LTE-A, Information Mining Oriented in default settings increases the user-based threat area. It is
Transmit Z-Wave, Systems Analysis Architectures recommended to configure IoT networks that are connected
Facilities DASH7
SCADA to a cloud in a way that their risk is reduced by dividing them
Systems into subnets. When a layer-based security policy is
IoT Security developed, it is seen that threats against IoT devices can be
IoT Management prevented gradually.

When the IoT network structure is examined, we see that III. SECURITY AND PRIVACY
star and mesh topologies are used. Star topology control is During the installation and configuration of IoT
easy. In a mesh topology, IoT devices can communicate with devices, security vulnerabilities reveal authorization
both servers and each other. For this reason, it has a complex problems. Attention should be paid to confidentiality for data
structure that is difficult to control. Because IoT devices integrity and security in computer networks. Poor security
usually communicate with each other, they are widely policies in IoT devices threaten privacy and security
connected to the mesh. Devices connected to the IoT network concepts. Authentication is a critical point in securing IoT
are encrypted and security measures are taken. DDoS or devices and networks. Because authentication policies
replay attacks reduce the memory and energy levels of the should be required for device availability, privacy, and data
traffic devices produced and the devices become out of use integrity. This is mainly due to hardware limitations when
in a short time. The necessity of communication of many assigning authority and user roles [11]. Connection protocols
devices connected as mesh increases the effectiveness of are subject to cyberattacks if default passwords are not
such attacks negatively. For example, access points where changed or updated [12]. For example, Botnet attacks created
IoT devices come out of the internet form the basis of attacks using these vulnerabilities in IoT devices cannot be detected
on mesh networks. by signature-based intrusion detection systems. Permanent
TABLE III. ATTACK TYPES AND TARGET POINTS ON IOT PLATFORMS Denial of Service (PDoS), which has become widespread
with the increase in the number of IoT, is a type of attack that
IoT Points to Application Attack Types
Working Attack Most Area damages hardware and requires reinstallation. Unlike DDoS
Platforms Frequently attacks, devices create an overload by creating demands
End User Wireless E-Health DDoS Attacks through unwanted use [13]. As a precaution, enabling two-
Areas Networks factor authentication will increase the security of the devices.
Speed Transportation Spoof attacks Table 4 provides features of IoT connectivity protocols.
Sensors
NFC Finance Replay
Communication protocols provide a common language for
Attacks devices that can be connected to a network. Connection
PAN Digital Input Authorization protocols are essential components in IoT systems. The type
Fields Upgrade and form of communication directly affect data security.
Industrial Information Energy sector Update Studies in the field of secure communication in IoT devices
Areas Networks Attacks
Radio Signal Traffic Control DDos Attacks examine communication protocols in two parts as sensor-
Networks based and gateway networks [7]. IoT devices face difficulties
GPS Transportation GPS Snoofing in establishing a secure and reliable connection when
Networks Lines communicating in mesh networks. For connections between
Production USB Device Production Single
and Inputs Control Centers Channel
two IoT devices, an authentication-centric connection is
Transmissi Attacks preferred. For example, in the connection between an IoT
on Centers External Production Authorization device and the cloud, hardware security solutions are used to
network exit Communication Upgrade securely communicate with the cloud.
points Centers Attacks
IoT devices connected to the cloud create security zones
Many requests made through these points that are open to the with the gateway devices on the tag. In these architectures,
network cause the system to malfunction over time. In order data link protocols allow upper layers to access data. Sensor
to ensure IoT security, it appears that the firmware updates devices operating in personal networks with limited
of the devices must be done periodically with Transport operating space remain vulnerable to attacks targeting
Layer Security (TLS) /Secure Socket Layer (SSL) encryption wireless technologies. Bluetooth technology is a protocol
[9]. Attack types and target points in IoT platforms are used today, especially in personal networks. Flexible
specified in Table 3. Attack Types and Target Points on IoT operation is one of the main advantages of wearable devices
Platforms. with smart technologies. Scalable networks can be
Authorized licensed use limited to: UNIVERSITE DE TUNIS EL MANAR. Downloaded on January 01,2023 at [Link] UTC from IEEE Xplore. Restrictions apply.
established thanks to the Bluetooth low energy (BLE) and applications. Although the data rate is not sufficient, it is
Bluetooth Smart protocols developed for IoT applications. designed to support wide area networks. It is designed to be
Two new Bluetooth technologies designed to reduce power used in IoT networks in machine-to-machine
consumption problems will play an important role in IoT communication.
communication. ZigBee is a fast communication protocol
Each device has been developed to act as a simple
used in industrial areas despite low data and low power.
server in constrained networks. One of its advantages is that
Despite the high data transfer characteristics of cellular
it can be integrated with the HTTP protocol. Therefore,
networks, it provides limited usage area at high power
LoRaWAN and NB-IoT are developed technologies for IoT
consumption and cost point. It is generally suitable for long-
devices [15]. In LoRaWAN technology, 2 different
distance IoT applications [14]. In addition to the
encryptions are used for data security. These encryptions at
communication protocols Advanced Message Queuing
the network and application layer level use a unique 128-bit
Protocol (AMQP), Message Queuing Telemetry Transfer
session key. Here, with the Advanced Encryption Standard
(MQTT), Low Power Wide Area (LoRaWAN), and Data
(AES) algorithm, end-to-end communication is provided
Distribution Protocol (DDS) communication standards
with keys used as 128 bits. Narrow Band IoT (NB-IoT) is a
should be examined [14]. MQTT is a protocol running on
technology that uses cellular connectivity and provides a
TCP / IP in IoT applications. It is the ideal protocol for low-
wide range of services with low power consumption. In
memory, low-power devices. Structurally, it has three
addition, it is compatible with NB-IoT Long Term Evolution
components: subscriber, publisher, and intermediary. DDS is
(LTE) technologies, which provide solutions to high power
a protocol that offers high performance as well as real-time
consumption problems in IoT devices and data transfer
operation. AMQP is a communication-oriented and preferred
problems in indoor areas.
protocol in IoT networks, while LoRaWAN is used in low-
power IoT devices, especially preferred in smart city

TABLE IV. IOT COMMUNICATION PROTOCOLS FEATURES

Communication Encryption Powerful Weak
Technologies Protocols Type Features Features
Bluetooth AES / ECDH Low power consumption Indetity Tracking
NFC RSA / DSA Simple dissemination Limited Range
G Technologies/ Cellular RSA / 3DES Mobilite Battery limitation
Zigbee AES Low power consumption the only transmission without protection
6LoWPAN AES Low processing No authentication
WI-FI AES Efficient and Mobility Limited area access
WiMAX RSA Authentication support Limited range of motion
MQTT (Application Layer) TLS Providing simple data flow weak protocol, limited message load and QoS
DDS (Application Layer) AES Dynamic use in the cloud Usage in standard area
AMQP (Application Layer) SASL / TLS Message-oriented application Limited application broadcast protocol
CoAP (Application Layer) AES M2M protocol Restricted knot
LoRaWAN AES It supports strong networks Battery limitation

The strength of the encryption technique used increases its be physically unusable. There are also potential security
usability. The application layer supports IoT devices in threats from remote locations by eavesdropping, MiTM, or
connectivity protocols. When connecting devices with these other routed attacks in the form of SQL injection into another
protocols, they must use the same application layer protocols. resource. As well as IoT devices, which provides control of
MQTT is a communication protocol that uses asynchronous these devices applications are becoming widespread. In
communication. A minimum hardware resource is used for addition to hardware security risks, the risks arising from
asynchronous communication between sender and receiver. these applications should not be ignored. Studies show that
Support for Secure Sockets Layer (SSL) / Transport Layer IoT users have application-based risks and concerns about the
Security (TLS) is available for security [15]. IoT devices state, location, functionality, and privacy of devices,
communicate with the MQTT protocol in short-range sensor particularly personal data. One of the security risks in
applications, especially in smart networks. For connection to networks to which IoT devices are connected is different IoT
another network, Representational State Transfer (REST) devices with unknown malware that are integrated as if they
communicates structurally with the HTTP protocol. This were part of the network. There are also some studies to
technology, developed to connect many IoT devices, has a determine if an IoT device is good or bad if the user notices
flexible and easily expandable feature. In this respect, it is a something unusual in the sensor data. Scenarios developed
frequently preferred API in the communication of IoT against attacks on data in network heaps, one of the existing
devices. Constrained Application Protocol (CoAP) enables security models, are considered insufficient. Because
IoT devices to connect to the internet. The main difference in intrusion detection systems are structurally systems that work
HTTP protocol is that it is developed for devices with limited on hardware infrastructure. Sensory analysis of attacks is
capacity. Constrained Application Protocol (CoAP) common in today's intrusion detection systems. Data such as
communicates over User Datagram Protocol (UDP). temperature, humidity and light received through IoT devices
Restricted Application Protocol (RAP) contains physical and are used to detect attacks [16]. Figure 1 shows the IoT security
non-physical security threats. The danger of cloning possible architecture. Looking at the layers, it is seen that the security
software modification attacks on firmware, DDoS attacks can requirements on the devices should be manageable.

Authorized licensed use limited to: UNIVERSITE DE TUNIS EL MANAR. Downloaded on January 01,2023 at [Link] UTC from IEEE Xplore. Restrictions apply.
Considering the layer protocol and data packages, it will be its security. For this reason, it is necessary to create a secure
easier to detect and prevent possible attacks on devices. framework by following the authentication, authorization, and
Networks created by IoT devices are managed by applications secure network policies in the networks formed by IoT
with simple interfaces. In structures connected to a cloud via devices [17]. In summary, identification and authentication
a gateway, vulnerabilities in these applications directly problems in IoT devices continue to be the most basic security
threaten the entire system. In studies using machine learning problem. Layer-based approaches can be used to use methods
algorithms such as Markov chain and Naive Bayes, such as digital certificates and shared keys in IoT architectures
approaches have been put forward by evaluating the quality where user name and password policies are preferred.
of the information leaked by the malicious application
triggered by the sensor. The use of any smart device IV. LAYER-BASED EXAMINATION OF IOT ATTACKS
applications in e-health and smart home systems increases According to the literature research, in this study, attacks
security risks. While smart devices generally work wirelessly, on IoT devices are classified by considering the IoT security
it reveals the extent of risks in smart home systems. The main architecture. When the source data and the purpose of possible
purpose here is to detect malicious devices generating fake attacks are examined, it is deemed appropriate to be examined
traffic on the network. Unlike the network topologies used, in at least five categories.
the dispersed location of the devices is another factor affecting
Layer-based classification of security requirements for vulnerabilities and attacks on IoT

Physical layer-based Data layer-based Network layer-based Application layer-based Cloud layer-based
attack and vulnerability attack and vulnerability attack and vulnerability attack and vulnerability attack and vulnerability
analysis analysis analysis analysis analysis

Fig. 2. Classification of security requirements for vulnerabilities and attacks in IoT.

IoT architecture and possible attack types are examined, a verification analysis of IoT devices. In this layer where the
classification is made as in Figure 2. Analyzes made integrity and confidentiality of the data are important, all tools
according to this classification were examined. Attack types provide this competence in terms of privacy and
and measures that can be taken against these attacks are synchronization.
specified. The classification is based on IoT security
Attack Types and Preventions
architecture.
When the attacks on the physical layer are examined,
A. Physical layer-based attack and vulnerability analysis common threats are wiretapping attacks. In such a case, the
In order to meet the security requirements of IoT devices, signals and data sent by the IoT are monitored. This
scalable communication must be provided first at physical information obtained can be used as preliminary information
application layers. Devices such as IoT sensors and control in the next step or can be manipulated and used as a spy.
systems operating in the field of active manufacturing and Dummy attacks and deactivation attacks occur on hardware
control industries connected to the network form Low Power devices. A decentralized intrusion detection model is
Wide Area Networks (LPWANs). Today, security analyzes recommended against such attacks, especially for tag
for LPWAN are performed using the Scyther tool [7]. In the deactivation. Here, the continuity of the devices can be
analysis of the security layers of wireless and wired ensured by detecting errors by detecting the nodes whose
communication devices, environments such as the content is manipulated or corrupted. Faraday cage is often
visualization of current attacks can be created with the Scyther recommended for simulated IoT devices because they can
tool, which is widely used in the analysis of the protocols also be disabled and tag-blocking attacks.
working here. B. Data Layer-based attacks and vulnerability analysis
TABLE V. PHYSICAL LAYER VULNERABILITY ANALYSIS
The hardware devices in the data layer represent a table of
Properties Scyther Scyther-Proof Tamarin low resistance to attacks in terms of properties. An attack on
Verification Yes Yes Yes
the data layer is intended to alter or delete data integrity.
Attack Detection and Yes - Yes Effective use of authentication algorithms ensures that data is
Visualization transmitted securely between two desired points. If there is an
Creating a Protocol Yes - - attack on the packet, the packet is requested to be encrypted.
Security Hierarchy However, in the case of unencrypted packets, an attacker can
Privacy and Yes Yes Yes
Synchronization deceive the system. The first precaution against such attacks
Sample Space Yes Yes Yes is verification of the data source. The primary vulnerability
Applications here is the timeout value. If the timeout value is lowered, the
intensity and impact of the attacks are reduced. Given today's
Table 5 shows the physical layer vulnerability analysis. cyberspace, one of the most common types of data-centric
Scyther is structurally capable of creating a security hierarchy attacks is man-in-the-middle attacks (MiTM) [18]. At the
of hardware protocols. The same results were obtained at the points where data exchange takes place, the attacker tries to
source verification point in these tools used for hardware listen and block the IP addresses of the source and the target.
Authorized licensed use limited to: UNIVERSITE DE TUNIS EL MANAR. Downloaded on January 01,2023 at [Link] UTC from IEEE Xplore. Restrictions apply.
 Especially in public transport signaling systems, when architectures developed with RSA and Diffie-Hellman
there is a weakness in the communication of the production, algorithms are used. More special measures are taken against
at the points where the transmission lines send data to certain attacks on personal data networks. For example, attacks such
centers, there are big problems. For smart transportation as blue bugging, bluejacking, and bluesmack often aim to
systems, the Vehicle Ad-Hoc Network (VANET) is the region disable devices. It is aimed to create continuous traffic to the
most likely to have such attacks. Here, systems with devices and keep them out of service. Protocol-based
vulnerabilities such as collision avoidance systems and early measures should be taken for these devices, which have a
warning systems should be carefully monitored. IoT devices structurally constrained encryption algorithm. To eliminate
included in wireless sensor networks also need secure the lack of authentication, authentication protocols are
authentication when exposed to man-in-the-middle attacks. recommended in smart homes according to application areas,
Encryption algorithms should be taken into account when key lengths such as AES, a slightly more advanced encryption
configuring firewalls used against such attacks. One of the standard, can be used. Also, botnet attacks have been
methods developed against man-in-the-middle attacks is the increasing in recent years [21]. Bot networks automatically
deep learning approach. Studies show that signal execute their commands through the IoT device on each
authentication can be done with the help of watermark infected node. Common tasks, such as initiating DDoS
algorithms developed with deep learning [19]. Step attacks, can also put the network out of service in a short time.
correlation neural networks are examples of current deep Here, measures such as syn-cookies and bypass number
learning algorithms. Especially with K-Nearest Neighbors filtering can be taken.
(KNN) classification algorithms, the process can be easily
D. Application layer-based attack and vulnerability analysis
performed. Measures are taken against MiTM attacks over the
data layer by ensuring data flow security through mobile The application layer is a structure that works according
platforms. to the services requested by the users. The software serving
in this layer is designed to manage the system and provide
Attack Types and Preventions
continuous service. The system is directly affected by an
Data Layer attacks are mostly routed through the devices attack on software. Studies show that user-centered measures
on the network to which the devices are connected. It is to be taken at the application layer will resist attacks. Attacks
ensured that the devices are decommissioned with overloads and vulnerabilities that occur in this layer include access
and replay attacks on their memory. When the flow directions control attacks, privacy and identify vulnerabilities. It is
of data are manipulated with requests sent over fake IoT possible to access IoT devices thanks to researches made
devices, the traffic generated by the devices will change. At with adware and user habits that are common today. In
this point, a media access control address (MAC) and vulnerability detection of backdoors, attackers usually
Address Resolution Protocol (ARP) record kept by other identify the points of attack through the operating systems
network devices to which IoT devices are connected also running on the devices. The use of anti-virus software as a
change. Topology is also threatened by overloading attacks precaution and the creation of a firewall that affects the
on these tables. For this reason, traffic can be controlled with general system. When the IoT architecture is examined, it is
a proxy to be used in the IoT network at this layer. If control seen that encryption algorithms are needed first in order for
is performed by monitoring the traffic that occurs in attacks the devices to continue their services safely in the areas they
where IoT devices are listened to and the confidentiality of serve. Users share or use information such as personal or
their data is violated, unsafe traffic on the device will be device passwords, which leads to the security vulnerabilities
detected. of encryption algorithms. In the IoT space, a fairly simple
password configuration facilitates identity-based
C. Network layer-based attack and vulnerability analysis
authentication [22]. In order to avoid such vulnerabilities, an
One of the most common types of attacks is DDoS attacks. intrusion detection system (IDS) must first be configured in
In DDoS attacks made over this layer, packets are the topology of the devices. One of the suggestions for
continuously sent to IoT devices over the IP address of the ensuring security in the application layer is the security
target device. As a result of these packets, the device that studies that have become widespread in 5G architectures. It
receives the packet continuously becomes unusable after a is possible to perform access control in communication with
period of inactivity. The method developed against such IoT devices by classifying possible attacks over 5G
attacks is the Intrusion Detection System (IDS) and routing architecture. They should create access control lists in
tables. Studies show that network layer-based attacks affect e- firewalls against spyware threats such as keyloggers that
health applications, smart building, and smart city access through IoT devices, because they must stay in
applications [20]. The network layer has an important place in constant communication with each other. Possible long-term
the work done on the application layer. Artificial neural connection errors between devices eliminate data integrity
networks are used to detect IP-based intrusions of IoT due to the communication protocols used to work with this
devices. In this layer, where the data is packaged over the IP logic. With its simple structure, the MQTT protocol can be
protocol, research has been carried out to eliminate the service easily integrated with IoT networks. Its performance during
redid problems caused by DDoS attacks. energy use is one of its advantages when used with IoT.
Attack Types and Preventions Attack Types and Preventions
It encounters many attacks on IoT devices during the data Application layer attacks are generally attacks based on
transfer phase at the network layer. When devices emulated packet manipulation. The content of the message changes,
with MiTM attacks are combined, the manipulated data size especially in resource-consuming and repetitive attacks.
increases the impact of the threat vector. Against such attacks, Packet flow is directly affected by tampering with message
Authorized licensed use limited to: UNIVERSITE DE TUNIS EL MANAR. Downloaded on January 01,2023 at [Link] UTC from IEEE Xplore. Restrictions apply.
flows. Packet queuing attacks can be accomplished by TABLE VII. COMPLEMENTARY ASPECTS OF CLOUD AND IOT [17]
adapting an incorrect sequence number to the packet. A Criteria IoT Cloud
connection may be temporarily opened against the TCP Displacement pervasive centralized
handshake. In order to prevent UDP and TCP packet flow, an Reachability Limited Ubiquitous
attack can be made by sending many packets over both Components Real-world things Virtual resources
protocols. By adding vulnerable data to the command or Computational Limited Virtual unlimited
query, the IoT device is contaminated. In connections made Capabilities
Storage Limited or none Virtual unlimited
with telnet protocols used for remote management and Role of the Point of Means of delivering
connection, IoT devices operating as embedded systems can internet convergence services
be installed maliciously. It is expected that the measures to Big data Source Means to manage data
be taken against these common attack scenarios will yield
results in a short time. For example, default accounts should
Table 8, shows the work done with security solutions in IoT
be disabled in case of a security vulnerability over the Telnet
and cloud relationship. When the studies are examined, it is
connection. If possible, the telnet connection port can be
seen that there are studies that focus on the security of the
disabled. For those with weak encryption algorithms,
network to which the IoT device is connected and draw
passwords that push the security limits as much as possible
attention to access control. This case highlights the
should be preferred when accessing the management panel.
importance of security requirements at the cloud layer level in
A classifier must be defined against attacks such as DDoS
IoT devices. Protocols used for data integrity, authenticity,
TCP flooding [23].
authentication and secure communication are specified [29].
E. Cloud layer-based attack and vulnerability analysis
Attack Types and Preventions
IoT cloud platforms are topologies designed to manage Cloud technologies include hardware and software-based
and monitor cloud-connected devices. Smart cities and IoT security measures. It works in integration for systems such as
devices connected to infrastructure systems are members of a cloud technologies, e-health systems, and energy
cloud in terms of data accuracy and integrity. IoT devices communication lines. By connecting IoT devices to a cloud, a
integrated with cloud technologies gain features such as data cloud of objects is created. Data from IoT devices that receive
management, information integrity, and traceability. Data are data from patients in e-health applications include patient
centrally collected and analyzed to draw meaningful results health data. In this regard, it is vital that it be manipulated.
using various machine learning algorithms [24]. Continuity is Encryption algorithms are used against protocol attacks
also ensured by monitoring abnormal situations in the devices. during authentication. Especially, powerful IoT devices
Cloud technologies such as AWS Cloud, Google Cloud, should be used during the transfer of the health data of
Oracle Cloud, Cisco Cloud are widely used in the world. The remotely monitored patients to the center. This also applies to
IoT device in the cloud creates frame data with sensor data smart home systems. Security will be provided at sensor
and tag data [25]. Thus, the data obtained is stored by other nodes with IoT devices operating with the mutual
devices in the cloud. Security protocols are used while authentication protocol. Another weakness for IoT devices
transmitting data. Hypertext Transfer Protocol Secure running in cloud technologies is resource management. In
(HTTPS), IPSec, TLS, DTLS, and SSL technologies are DDoS-based attacks, the cloud is overloaded with attacks
preferred. By using SSL-protected API, certificate-based such as resource overflow. Short-term cloud downtime
security measures are also taken at endpoints. Preferred adversely affects data processing and transmission. Therefore,
protocols and technologies in cloud-based IoT architectures hardware security measures should be supported by using
are given in Table 6. Protocols used for data integrity, machine learning algorithms.
authenticity, authentication, and secure communication are
specified [26].
TABLE VI. SECURITY PROTOCOLS USED IN IOT ARCHITECTURES.

Integrity Confidentiality Authentication Secure

Communication
/ Encryption
ATLS SSL X509Certificate SSL/TLS
SSL IPSec ATLS RSA HTTPS, SSL/
PKI ATLS 2048 AES, 3DESTLS
WPA2 SSL to API PKI X509 / MIME
Certificate SSL/ 3DES,
SSID/Password TSDP
DTLS/ LWM2M

Table 7 shows complementary aspects of IoT devices and

cloud architectures. IoT devices that provide services in the
cloud transmit the data they produce or receive according to
the security policies configured in the cloud. These data are
evaluated through data centers. Therefore, at the point of
managing big data, it is important to store the data collected
from the source with correct synchronization [27].
Authorized licensed use limited to: UNIVERSITE DE TUNIS EL MANAR. Downloaded on January 01,2023 at [Link] UTC from IEEE Xplore. Restrictions apply.
 TABLE VIII. STUDIES ON IOT CLOUD SECURITY SOLUTION

Articles and Topics Focus Area Source

A machine learning-based intrusion detection for detecting internet of things network attacks. Network Security [28]
Case Studies on 5G and IoT Security Issues from the Leading 5G and IoT System Integration Network Security [29]
Vendors. In Secure Communication for 5G and IoT Networks
Trust-Based Secure Multi-Cloud Collaboration Framework in Cloud-Fog-Assisted IoT Data Security [30]
Access Control Models and Architectures For IoT and Cyber Physical Systems. Data Security [31]
A survey of remote attestation in Internet of Things: Attacks, countermeasures, and prospects. Access Control [32]
An overview of security and privacy in smart cities' IoT communications. Network Security [33]
Fog Computing and Blockchain based Security Service Architecture for 5G Industrial IoT Data Security [34]
enabled Cloud Manufacturing
Resource Management Framework Using Deep Neural Networks in Multi-Cloud Environment. Access Control [35]
Lightweight and High-Performance Data Protection for Edge Network Security. Network Security [36]
Two-Factor Authentication and Key Agreement Schemes for Smart Home Fingerprint Privacy [37]
Characteristics
Prediction-Based Resource Deployment and Task Scheduling in Edge-Cloud Collaborative Network Security [38]
Computing.
A Survey on Public Key Encryption with Keyword Search: Taxonomy and Methods. Access Control [39]

F. Evaluation of current vulnerabilities in terms of IoT in Table 9. Considering the attack scenarios; data and network
devices layer attacks should be examined specifically. Because these
attacks are at the top of the cyber attacks in general. This
One of the most important points to be considered in IoT is to situation increases the possibility of IoT connected networks
secure the topology to which the devices are connected as being exposed to such attacks. For this reason, the measures
soon as possible against possible cyber attacks [40]. As a suggested in Table 9 should be applied specifically. Attack
result of the study, it was seen that it is not possible to adhere types and target points in IoT platforms are examined in Table
to a single solution and standard to increase the security of IoT 10. The situation of the vulnerabilities at the application and
devices. If the source of security vulnerabilities are network layer point is striking. Similar results are observed
categorized according to possible attacks, the layer security when the network layer is evaluated with the cloud layer. At
approaches developed can give more effective results. Thus, the starting point of attacks against IoT devices, results can be
risk analysis and assessment of possible threats and measures obtained by continuing from the target point where it connects
to be taken against vulnerabilities can be evaluated more to the cloud through the network layer. Privacy and security
accurately. That's why it's important to respond to attacks and should be prioritized, especially in production and
improve the system quickly. While developing security transmission platforms where IoT devices are used in large
architectures, it should be kept in mind that the basic numbers. In the layer-based analysis conducted in this study,
principles are privacy and control mechanisms [41]. The common attacks and the measures taken are listed in Table 10.
ability of IoT devices to detect, operate, collect and store data According to the attack scenarios; Data and network layer
as it is, requires a central security policy [42]. Although attacks have been seen to be at the top of the cyber attacks in
authentication in IoT devices is seen as a secure option, it general. It also increases the likelihood of IoT-connected
appears to be associated with risks in studies [43]. Table 8 networks being exposed to such attacks. Therefore, the
shows the behavior of vulnerabilities in IoT devices that measures suggested in Table 10 are recommended to be
create a risky area for information security. The inadequacy applied specifically.
of the encryption algorithms in the devices increases the
TABLE XIV. LAYER-BASED CLASSIFICATION OF ATTACKS AND
security risks in the network where the device is located. PREVENTIONS IN IOT DEVICES
Although unsafe environments are generally web platforms
[24], even a wireless network to which the IoT device is Physical Data Network Application Cloud
Layer Layer Layer Layer Data Layer
connected requires the risk management of the system. Data- Cyber- Eavesdropp MiTM Telnet Poisoning
driven analysis and research aim to create firewalls and Physical ing DDoS, Injection Evasion
develop encryption algorithms. In application layer-centered RFID MAC Replay SSL Injection Impersonat
Attack

Tracking Attacks. TCP&UDP e

analysis and studies, IoT requires risk analysis and a central EavesdropP ARP flooding Inversion
management system [44]. In studies that prioritize risk ing Poisoning TCP-SYN
management, precautions that can be taken for IoT devices flooding
Knot MAC Filter VPN and Telnet and Use of
operating in low-security environments are mentioned.
Recommended
Precautionary

detection, Proxy Filter IDS SSL default Artificial

Especially the critical points obtained from the sensor used in
Methods

Faraday Static ARP SYN- port and Intelligence

IoT are the basis of security protection of data Cage Cookies account and
IPS Validation machine
communication. In the classification made in the study, the Proxy control learning
common attacks and the measures that can be taken are shown algorithms

Authorized licensed use limited to: UNIVERSITE DE TUNIS EL MANAR. Downloaded on January 01,2023 at [Link] UTC from IEEE Xplore. Restrictions apply.
 TABLE X. STUDIES ON IOT CLOUD SECURITY SOLUTIONS [45] Human-Computer Interaction, Optimization and Robotic Applications
(HORA), pp. 1-6, 2021.
Current Application
Type of Vulnerability Security Status [7] H. Kaur, R. Kumar, “A Survey on Internet of Things (IoT): Layer-
Vulnerability Status Application Network Specific, Domain-Specific and Industry-Defined Architectures”,
Security Security Springer in Advances in Computational Intelligence and
Insecure Web Available Yes Less Communication Technology, Singapore, pp. 265-275, 2020.
Interface [8] F. Hussain, R. Hussain, S. A. Hassan, E. Hossain, Machine learning
Insufficient Available Yes Yes in IoT security: Current solutions and future challenges. IEEE
Authentication and Communications Surveys & Tutorials, 22(3), 1686-1721, 2020.
Authorization [9] [Link], Z. Albayrak, “Q-Learning for Securing Cyber-Physical
Unsecured Wireless Available Less Yes Systems: A survey”, IEEE In 2020 International Congress on Human-
Network Services Computer Interaction, Optimization and Robotic Applications
Lack of Encryption Available Yes Yes (HORA), pp. 1-13, 2020.
Privacy Capability Developing Less Less
[10] R. Stephen, B. Ayshwarya, R. S. M. Joshitta, H. B. Shanthan, Internet
Insecure Cloud Available Yes Less
of Things (IoT): The Standard Protocol Suite for Communication
Interface
Networks. In Cases on Edge Computing and Analytics ,pp. 55-72,
Insecure Mobile Developing No Yes 2021.
Interface
Insufficient Security Available Yes Yes [11] D. Mendez Mena, B. Yang, Decentralized Actionable Cyber Threat
Configurability Intelligence for Networks and the Internet of Things. IoT, 2(1), pp. 1-
Non-Secure Software Available Less Less 16, 2021.
/ Firmware [12] P. P. Ray, A survey on Internet of Things architectures. Journal of
Weak Physical Developing No Less King Saud University-Computer and Information Sciences, 30(3), pp.
Security Status 291-319, 2018.
[13] R. K. Jha, H. Kour, M. Kumar, S. Jain, Layer based security in Narrow
Band Internet of Things (NB-IoT). Computer Networks, 185, 107592,
2021.
V. CONCLUSION
[14] Z. B. Celik, P. Mc Daniel, G. Tan, L. Babun, A.S. Uluagac, Verifying
When the attack types are examined according to the internet of things safety and security in physical spaces. IEEE Security
layer-based IoT security architecture, it has been concluded & Privacy, 17(5), pp. 30-37, 2019.
that the attacks against the data and network layer pose serious [15] W. A. Kassab, K.A. Darabkh, A–Z survey of Internet of Things:
Architectures, protocols, applications, recent advances, future
dangers. Vulnerabilities in user application software and directions and recommendations. Journal of Network and Computer
hardware measures have been tested in the architecture that Applications, 163, 102663, 2020.
connects to a cloud via a gateway. In future studies, [16] Ballerini, M., Polonelli, T., Brunelli, D., Magno, M., & Benini, L., Nb-
vulnerabilities arising from user interfaces of IoT devices and iot versus lorawan: An experimental evaluation for industrial
applications can be tested. There is a need for middleware applications. IEEE Transactions on Industrial Informatics, 16(12),
security approaches in cloud and network layer architectures. 7802-7811, 2020.
Attacks against IoT devices can be analyzed with machine [17] D. Bhushan, R. Agrawal, Springer Security and Privacy in IOT. In
Research in Intelligent and Computing in Engineering, pp. 673-679,
learning algorithms and new generation attack detection and 2021
prevention algorithms can be developed. It will be possible to [18] N. Almolhis, A. M. Alashjaee, S. Duraibi, F. Alqahtani, A. N. Moussa,
take precautions against protocol-based attacks, especially “The Security Issues in IoT-Cloud: A Review”. 16th IEEE
with approaches to be developed with machine learning International Colloquium on Signal Processing & Its Applications
algorithms. In future studies, vulnerabilities arising from user (CSPA), pp. 191-196, 2020.
interfaces of IoT devices and applications should be tested. [19] D. Jiang, S.W. Chao, "A study of information security for M2M of
There is a need for middleware security approaches in cloud IOT", 3rd International Conference on Advanced Computer Theory
and Engineering (ICACTE). Vol. 3, 2010
and network layer architectures.
[20] Fkirin, A., Attiya, G., El-Sayed, A., & Shouman, M. A., Copyright
protection of deep neural network models using digital watermarking:
REFERENCES a comparative study. Multimedia Tools and Applications, pp. 1-15,
2022.
[21] Ali, S. M., Çakmak, M., Albayrak, Z., “Security Classification of
[1] F. Ç. Boz, “Industry 4.0 Opportunities in Economic Development for Smart Devices Connected to LTE Network”,Springer In The
Developing Countries,” Selected Studies On Economics and Finance, Proceedings of the International Conference on Smart City
70, 2018. Applications, pp. 1125-1131, 2021.
[2] H. Mrabet, N. E. Oueslati, A. Jemai, [Link], “Comparative [22] Faheem, M., Shah, S. B. H., Butt, R. A., Raza, B., Anwar, M., Ashraf,
Study of the Common Cyber-Physical Attacks in Industry 4.0”, IEEE M. W., Gungor, V. C., Smart grid communication and information
International Conference on Internet of Things, Embedded Systems technologies in the perspective of Industry 4.0: Opportunities and
and Communications (IINTEC), pp. 1-7, 2019.. challenges. Computer Science Review, 30, pp. 1-30, 2018.
[3] O. Alrawi, C. Lever, M. Antonakakis, F. Monrose, “Sok: Security [23] Sharma, G., Kalra, S., A lightweight user authentication scheme for
evaluation of home-based iot deployments”, IEEE symposium on cloud-IoT based healthcare services, Iranian Journal of Science and
security and privacy, pp. 1362-1380, 2019 Technology, Transactions of Electrical Engineering, 43(1), 619-636,
[4] M. Ammar, [Link], B. Crispo, “Internet of Things: A survey on 2019..
the security of IoT frameworks”, Journal of Information Security and [24] Lee, Y. J., Baik, N. K., Kim, C.,Yang, C. N., Study of detection
Applications, 38, pp. 8-27, 2018 method for spoofed IP against DDoS attacks. Personal and Ubiquitous
[5] H. Mrabet, S. Belguith, A. Alhomoud, A. Jeami, “A survey of IoT Computing, 22(1), pp. 35-44, 2018
security based on a layered architecture of sensing and data analysis”, [25] Choi, C., Choi, J., Ontology-Based Security Context Reasoning for
Sensors, 20(13), 3625, 2020. Power IoT-Cloud Security Service. IEEE Access, 7, pp. 110510-
[6] Altunay, H. C., Albayrak, Z., Özalp, A. N., & Çakmak, M., “Analysis 110517,2019.
of anomaly detection approaches performed through deep learning
methods in SCADA systems”, IEEE 3rd International Congress on

Authorized licensed use limited to: UNIVERSITE DE TUNIS EL MANAR. Downloaded on January 01,2023 at [Link] UTC from IEEE Xplore. Restrictions apply.
[26] S. a. K., N. A., R. G. Belguith, "CUPS: Secure opportunistic cloud of
things framework based on attribute-based encryption scheme
supporting access policy update", Security and Privacy, p. e85, 2020.
[27] Guechi, F. A., Maamri, R., “Secure and Parallel Expressive Search
over Encrypted Data with Access Control in Multi-CloudIoT”, IEEE
3rd Cloudification of the Internet of Things (CIoT), pp. 1-8, 2018.
[28] A. S. A. S. A., S. P. K. Perti, "Security Risks and Challenges in IoT-
Based Applications", In Proceedings of International Conference on
Big Data, Machine Learning and their Applications, Singapore, 2021.
[29] W. H. Hassan, "Current research on Internet of Things (IoT) security:
A survey", Computer networks, cilt 148, pp. 283-294, 2019.
[30] Y. K. A. A. I. M. S. H. M. K. &. C.-P. R. Saheed, "A machine learning-
based intrusion detection for detecting internet of things network
attacks", Alexandria Engineering Journal, cilt 61, no. 12, pp. 9395-
9409, 2022.
[31] S. C., R. T. , K. S. Sandeep, "Case Studies on 5G and IoT Security
Issues from the Leading 5G and IoT System Integration Vendors", In
Secure Communication for 5G and IoT Networks, pp. 197-212, 2022.
[32] J. L., T. Y. Z., M. J. Zhang, "Trust-Based Secure Multi-Cloud
Collaboration Framework in Cloud-Fog-Assisted IoT", IEEE
Transactions on Cloud Computing, 2022.
[33] M. B., S. A., A. H., S. R. Gupta, "Access Control Models and
Architectures For IoT and Cyber Physical Systems", 2022.
[34] B. F., A. S., W. Y. S., G. Y. Kuang, "A survey of remote attestation
in Internet of Things: Attacks, countermeasures, and prospects",
Computers & Security, no. 112, p. 102498, 2022.
[35] F. Z. H., S. R. Al‐Turjman, "An overview of security and privacy in
smart cities' IoT communications.", Transactions on Emerging
Telecommunications Technologies, cilt 3, no. 33, p. 3677, 2022.
[36] T. M., B. A., L. M., Y. M. Hewa, "Fog Computing and Blockchain
based Security Service Architecture for 5G Industrial IoT enabled
Cloud Manufacturing", IEEE Transactions on Industrial Informatics,
2022.
[37] S. B. S. R. D. B. K. G. Y. N. &. R. R. A. Sangeetha, "Resource
Management Framework Using Deep Neural Networks in Multi-
Cloud Environment", Springer In Operationalizing Multi-Cloud
Environments, pp. 89-104, 2022.
[38] X. L. B., Z. Q. Chen, "Lightweight and High-Performance Data
Protection for Edge Network Security", Wireless Communications
and Mobile Computing, 2022.
[39] Z. L. Z. Z. Q. D. S. L. J., Z. Y. Liu, "Two-Factor Authentication and
Key Agreement Schemes for Smart Home Fingerprint
Characteristics", Mobile Information Systems, 2022.
[40] M. W. G., C. K., K. R. Su, "Prediction-Based Resource Deployment
and Task Scheduling in Edge-Cloud Collaborative Computing",
Wireless Communications and Mobile Computing, 2022.
[41] M. H. A. R., G. A. Noorallahzade, "A Survey on Public Key
Encryption with Keyword Search: Taxonomy and Methods",
International Journal of Mathematics and Mathematical Sciences,
2022.
[42] Sivaraman, V., Gharakheili, H. H., Fernandes, C., Clark, N., &
Karliychuk, T. "Smart IoT devices in the home: Security and privacy
implications", IEEE Technology and Society Magazine, 37(2), 71-79,
2018.
[43] D. Bhushan, R. Agrawal, Springer Security and Privacy in IOT. In
Research in Intelligent and Computing in Engineering, pp. 673-679,
2021
[44] A. K. a. B. L. a. A. H. a. U. A. S. Sikder, "Aegis: a context-aware
security framework for smart home systems", Proceedings of the 35th
Annual Computer Security Applications Conference, 2019, pp. 28-41.
[45] Jin, B. W., Park, J. O., Mun, H. J., A design of secure communication
protocol using RLWE-based homomorphic encryption in IoT
convergence cloud environment. Wireless Personal Communications,
105(2), pp. 599-618, 2019.

Authorized licensed use limited to: UNIVERSITE DE TUNIS EL MANAR. Downloaded on January 01,2023 at [Link] UTC from IEEE Xplore. Restrictions apply.