See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/327478710

Securing the Internet of Things (IoT): A Security Taxonomy for IoT

Conference Paper · August 2018

DOI: 10.1109/TrustCom/BigDataSE.2018.00034

CITATIONS READS
3 2,497

4 authors, including:

Syed S Rizvi
Pennsylvania State University
142 PUBLICATIONS   377 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Automobile Security View project

cloud computing View project

All content following this page was uploaded by Syed S Rizvi on 05 December 2018.

The user has requested enhancement of the downloaded file.

2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th
IEEE International Conference On Big Data Science And Engineering

Securing the Internet of Things (IoT): A Security Taxonomy for IoT

1
Syed Rizvi, 1Joseph Pfeffer III, 1Andrew Kurtz, 2Mohammad Rizvi
1
Department of Information Sciences and Technology, Pennsylvania State University, Altoona-PA, USA
2
PricewaterhouseCoopers (PWC), Dallas-TX, USA
1
{srizvi, jrp5225, adk5220}@psu.edu
2
rizvi.mr@gmail.com

Abstract—In Internet of Things (IoT), there is a vast number of the current practices of securing conventional networks, (b)
connected devices that exist. These devices are collecting and identify the existing IoT security requirements and
transmitting great volumes of data from device to device, guidelines, (c) explore the architecture of IoT, (d) define the
device to enterprise systems, and occasionally from device to current threats that IoT devices are facing, and (e) touch on
humans. Due to the billions of connected devices, there is a the domains of IoT. The results of this research will be
great risk of identity and data theft, device manipulation, data analyzed and organized to provide critical analysis on the
falsification, server/network manipulation, and subsequent current security of IoT devices and infrastructure, as well as
impact to application platforms. While the number of these to develop a complete taxonomy to provide a holistic view of
interconnected devices continues to grow every day, so does the
IoT secure environment.
number of security threats and vulnerabilities posed to these
With increased commercialization of IoT devices, society
devices. Security is one of the most paramount technological
research problems that exist today for IoT. Security has many is becoming more and more connected with the IoT
facets - security built within the device, security of data infrastructure - making society more susceptible to the
transmission, and data storage within the systems and its vulnerabilities of the current IoT environment. IoT will
applications. There is an extensive amount of literature that increasingly touch our lives in more ways than before.
exists on the subject with countless problems as well as Hence, research community must tackle and resolve security
proposed solutions; however, most of the existing work does aspects of IoT. Compromised IoT devices present the risk of
not provide a holistic view of security and data privacy issues misusing personal information, compromising other
within the IoT. The primary goal of this research work is to connected systems, and safety risks [18].
advance the current state of the art in IoT research by The IoT is the concept of every connected technological
identifying (a) the critical domains where IoT is heavily used, device, machine, and relationship. IoT is encompassing
(b) the security requirements and challenges that IoT is every aspect of the lives that regulate and control these
currently facing, and (c) the existing security solutions that “things” every day. The group of objects that are connected
have been proposed or implemented with their limitations. to form an infrastructure or group of infrastructures which
allow all devices to connect, manage, data mine, and access
Keywords- IoT security; vulnerability; security threats all data they generate, or collect is the definition of IoT [2].
Zhang et al. [5] defines the IoT as anything that is physical,
I. INTRODUCTION or virtual that can connect to the internet. Oh and Kim [10]
The emerging technical space is growing with the describe the IoT environment as a system that works
Internet of Things (IoT). IoT is bringing about a paradigm together, is aware, intelligent, and does this for a specific
shift in services, infrastructure, and consumer industries [1]. purpose. These definitions enhance what we understand as
While this paradigm shift is happening, trust and security are IoT. Therefore, there must be some sort of security
necessary requirements to tackle different kinds of attacks, architecture in place to protect the individuals, companies,
threats, malfunctions, and devastating impacts to society. and entities which utilize them. IoT is an overwhelming
The responsibility of securing IoT lies with device environment where all the connected devices are now
manufacturing companies and companies that use the becoming more and more popular year by year, but security
devices. Having a complete set of security terms is a priority has not kept pace with it. The attackers are threatening this
to organize the threat and overcome all security challenges in network of things as well. For instance, DYN attack in the
IoT. Some security requirements for IoT have been later part of 2016 was a valid example of attackers
proposed, including encryption, hashing, and other forms of threatening a network which impacted many people [14].
secure communications [11, 12]. Yet, more is needed to The security of these IoT devices being used by anyone is of
secure this infrastructure from threats and attacks as well as the utmost importance, as many of these devices are now
other concerning interests. Advancing the technology to being used in malicious ways. The IoT environment interacts
secure the IoT environment is the motivation of this research at the perception, application, and network layers which
work. To do this, we (a) perform a thorough investigation of comprises a type of open network [9].

2324-9013/18/31.00 ©2018 IEEE 163

DOI 10.1109/TrustCom/BigDataSE.2018.00034
 Granjal et al. [11] discussed communication protocol as TABLE I. TLSD AND SPECIFIC ATTACKS IN IOT
one of the priorities to secure IoT. Abomhara and Køien [9] Top-Level
Sub-Domains
prioritize identifying and locating the IoT environment. Security Domain
Some have different opinions of where to prioritize IoT, but Perception Layer
all have one thing in common, security must be our top Architecture Application Layer
priority. Asplund and Nadjm-Tehrani [13] pointed out that Network Layer
some old techniques are no longer useful such as Snort, and Communication Attacks
other intrusion detection algorithms. Because IoT is Threat Vector Physical Attacks
Application/Software Attacks
somewhat different than conventional networks, modern Privacy
tactics must be adopted to secure these widespread open Trust Availability
architectures. According to Babar et al. [7], the four layers of Reliability
IoT are application, access gateway, internet, and the edge Policy Control
technology layer. These four layers make up the open Compliance Government Oversight
network of IoT. However, others break down the layers into Non-Government Oversight
three, the internet, application, and perception layer [9]. For
this research, we consider the three-layered IoT architecture
layout.
The top-level security divisions in our proposed master A. Architecture and Layers
IoT security taxonomy are as follows: Architecture/Layers,
IoT devices have unique architecture that can be defined
Threat Vector, Trust, Compliance, Domains, and Access
in layers. Similar to TCP/IP, the IoT devices are considered
Control. These all are broken down into security classes,
to have three different operational layers [1] [3] [4]: the
which then are broken down further into security sub-levels.
perception layer, network layer, and application layer. Each
Each top-level security division includes a way the IoT
layer offers different functionality; therefore, every layer has
environment can be identified and secured in different types
its own unique threats. Additionally, each layer is connected
of ways. Each has its vulnerabilities that must be analyzed.
to and relies on the other layers to function. Therefore, for
Every security division must be secured equally rather than
one of these layers to be secure, the other layers must also be
prioritized over another. Just like the old-adage, “only as
secured.
strong as its weakest link” is portioned here at the top-level
security divisions. If you have a weak division, then you
Perception Layer: This layer in IoT devices is responsible
have a weak network, therefore vulnerable to attack, or
for the collection of data. Each IoT node performs a function
malfunction.
that requires the collection of data. Therefore, this layer
Due to the lack of security features in IoT devices across
involves the use of RFID, Zigbee, and other types of sensors
the environment, a security dashboard is needed to find what
[4]. It is important to secure the perception layer as it inputs
type of security controls are required to stop threats and
large amounts of data and this data could be damaging or
attacks in the IoT environment. This IoT security dashboard
malicious. Since IoT devices are generally autonomous, they
is a step in the right direction to organize and standardize
can be easily compromised by the attackers. Some security
devices across the IoT global network. Through the use of
can be placed at the perception layer. Two types can be
these steps, the IoT industry can seek to better improve upon
cryptographic elements and detection of abnormal sensor
the security that is needed in these devices. In the future,
readings [29].
more devices can be inputted by the correct domain and type
of device to understand what security is necessary to make
Application Layer: The application layer is the most diverse
the device secure for use in the IoT environment.
and complicated of the IoT architectural layers. Since there
II. SECURITY CHALLENGES IN IOT are so many different products, devices, and manufacturers,
there is no universal standard for the construction of the
There are many threats that digital architectures face application layer. There are several different challenges at
today. Whether it is a home Wi-Fi network, an the application layer. For example, data access permissions
organization’s network, or a smart TV, our devices and and identity authentication can be a cause for concern. With
systems are all at risk. This constant risk is no different in all the different types of applications and users, it is difficult
IoT. Due to the open architecture of IoT, this makes it much to manage access permissions and authentication. The
more difficult to secure these devices, bringing about many application layer also poses challenges for data protection
more security challenges. According to Iqbal et al. [3], there and recovery. With the number of devices and nodes, the
are several properties of IoT that can lead to security and massive transactions of data and information make it
privacy issues such as mobility, wireless, embedded use, challenging to secure that data efficiently. Finally, as with all
diversity, and scale. These characteristics make IoT unique types of software, there is always the concern of
in its security needs and raise many new challenges in vulnerabilities in the software at the application layer [4].
information security. This paper presents IoT taxonomy, as Also, security threats can happen when coders do not use
seen in Table I, to better understand the security aspects of standard code within their applications [17].
IoT.

164
Network Layer: The network layer is involved in the TABLE II. SECURITY DOMAINS AND SECURITY CONTROLS FOR IOT
transmission of data. The network layer in IoT operates the Top-Level Security Domain Sub-Domain
same as the network layer in the TCP/IP. It also has the same
traditional security problems as the TCP/IP model. Some of Commercial
the common security threats in the network layer are illegal Service
Domains
access networks, eavesdropping information, confidentiality Consumer
damage, integrity damage, DoS attack, Man-in-the-middle Infrastructure
attack, virus invasion, exploit attacks, etc. [4]. Confidentiality
Security Controls Integrity
B. Threat Vector Availability
A threat vector is a way or a medium for an attacker to
penetrate into IoT devices and perform malicious functions
to harm a device, or system [15]. In IoT, the attack surface an overload of requests that inevitably bring down the
has several vulnerabilities from communication attacks to server. In IoT, the threat of a DDoS attack is ongoing.
dynamic attacks. Attackers can exploit these vulnerabilities
with different tools and malicious codes. Babar et al. [7] Network Injecting: This attack can occur when any device
states that there are many different threat vectors in IoT, or domain utilizes a SQL database. Attackers can inject
including identity management, embedded security, storage malicious code to bring the database down, change
management, physical threat, dynamic binding, and information, or record information. In IoT, many devices
communication attacks. These can all be broken down into record and store information in various databases [6].
their respected attacks. Physical attacks include reverse Network injecting attacks can be detrimental should an
engineering and power source manipulation. Goto et al. [9] attacker gain access to databases through IoT devices.
breaks down threats into four different categories: intruder
models, DoS, physical attacks, and attacks on privacy. Most Physical Attacks: Physical attacks are limited to physically
of these are either too specific or too general. attacking the network either through a wired or wireless
There are many communication attacks that could be medium, or the device individually. These physical attacks
listed, yet they only list DoS. Communications attacks are listed but are not limited to Reverse Engineering,
consist of spoofing, man-in-the-middle, or packet sniffing Jamming, Radio Interference, and Tampering. These attacks
attacks which make IoT devices vulnerable to data privacy. are done by physically misusing the devices for malicious
Hossain et al. [6] turns threat vector into security landscape intent to damaging the device to either record, block, or
which consists of services, end-devices, and underlying transmit messages to one or many other IoT devices. These
communications. These all can break down into their physical attacks lay at the physical and MAC layers of the
different realms of contact, but other attacks are left out as TCP/IP whereas at the perception and application layers of
well. These attacks are physical as well as combination the IoT network architecture.
attacks. We divide our threat vector into three primary
avenues of attacks: communication attacks, physical attacks, Reverse Engineering: This attack is used for taking a
and application or software attacks. Table II presents a device and breaking it down through a series of steps and
summary of top-level security domains and their respective completing a vulnerability assessment to find what
security controls. vulnerabilities the physical device has. This enables the
attacker to exploit known and unknown vulnerabilities.
Communication Attacks: Communication attacks can be After doing this reverse engineer, one could replicate an
done over the network, or in IoT’s environment. These attack on each device that is connected to a specific
attacks include, but are not limited to DoS and Distributed network.
DoS (DDoS), spoofing, man-in-the-middle, network
injecting (SQL Injects), and flooding attacks. The amount of Jamming and Radio Interference: Jamming is when an
damage these attacks can cause with the vast number of IoT attacker uses a device to stop the connectivity of an IoT
devices in existence is staggering. If a malicious attacker device. The attacker is in the vicinity of the vulnerable
could harness the power of these devices, they could do device. Radio Interference is the unintentional jamming of a
extraordinary damage. We will discuss each of these device's connectivity. This can be due to the environment or
communication attacks briefly. reliability of the device itself as well.

DoS and DDoS: A DoS attack is when an attacker uses his Tampering: Tampering with the IoT device is possible
or her own assets to request connections to a server that when the device is either in the pre-deployment phase or in
enables services to different users, inevitably jamming and the development/manufacturing/packaging phases. This is
bringing the server that is enabling services down to a halt. when an attacker falsely tampers with the devices
A DDoS attack is where an attacker (botmaster) utilizes bots development or manufacturing process of the device. This
(computers that are controlled by the attacker which may can be mitigated by containing the devices from the
not be known to the owner of the computer) to request a manufacturer in tamper proof housing when shipped and
server that enables servicers to different users. This creates sold [39].

165
Application/Software Attacks: Software threats are always Privacy: IoT devices in the consumer domain collect every
involved when dealing with any device running software. bit of information that is needed for performance of the
Anything from misconfiguration within the code to business application. This information is typically physical,
malicious scripting can cause breaches in security. When medical, communications, internet browsing history, etc.
dealing with IoT software, we are dealing mostly with APIs This information is collected and used to better suit the
and web apps specifically [8]. It is very important to secure individuals needs [5]. While this can be convenient, quick,
this software vector as there are more possibilities and easy, and affordable, it is not the most secure. Companies
opportunities for threats. In addition, the data being stored can sell your information to other companies or the
or transferred in this vector is not raw data and could company might not have sufficient security to protect your
provide more useful information. personal information.

SQL Injection: One of the most common types of code Availability: IoT end-users require that these devices are
injection is the SQL injection. SQL injections occur when a available and powered to complete tasks. Some schemes
malicious actor enters a SQL query in an unsecured field have three different options: Off, Always On, and Low
that will be processed by a SQL database. This type of Power [2]. Yet, these devices need to be updated more
threat is widespread across all different types of systems, rather than less. The proposed recommendation for this is a
including IoT. One major concern for a SQL injection is that standard available updating platform available to all devices
it can cause privilege escalations, granting the attacker more in a certain domain. The Makrov Model is a way to keep
access to the system. To avoid an SQL injection attack, the systems up with redundant power control for IoT networks
application needs to validate all the data that is provided by [19]. While having these models to identify which IoT
the client before using it with specific APIs [8]. devices are communicating with other IoT devices is a good
thing, some attackers could exploit the information to attack
Cross Site Scripting: Cross site scripting (XSS) is another other devices.
type of code injection that falls within the software threat
vector. XSS executes a malicious script through the web Reliability: Making sure the information that is transmitted
browser of the victim. It originates from an attacker and is and received is correct may be a good thing involving the
then sent back by the application. Essentially, it redirects massive amounts of devices on the IoT network [2].
the victim to another website and can make the victim Reliable schemes to communicate with devices with added
participate in DDoS or even steal the user’s session [16]. security involving integrity, confidentiality, and availability
Similar to SQL injections, data validation is mandatory to is the utmost important aspect we can have as a discipline.
prevent XSS attacks. Therefore, efficient and reliable communication is necessary
for day-to-day operations in the IoT environment.
Exploitation of a Misconfiguration: Applications in the IoT
require the configuration of many systems and components D. Compliance in IoT
to run properly. Therefore, each of these components Compliance is the fourth top-level security division. The
requires a proper security configuration. If they are not security classes under the compliance are: Policy Control,
properly configured, they can be easily exploited by a Governmental Oversight, and Non-Governmental
malicious actor. Operating systems, servers, frameworks, Oversight. Compliance is vital to security and security
database management systems, and any other applications operations. Without proper compliance, policy and
need to be properly configured for a secure IoT procedure controls, a company has no way to organize its
environment. security operations for a better security lifetime. There are
certain frameworks, best practices and examples for
C. Trust in IoT companies to rely on. This organizational management can
It is a challenge to define what trust means in an IoT come from past company policy control, governmental
environment. A model which breaks trust down into a trust oversight, and non-governmental oversight.
management model is broken into four different levels: IoT
User, Application, Network, and the Physical layers [1]. Policy Control: Sophos [24], a leading security company,
This model envelops the trust scheme in IoT. Not many states that the companies should always train their
individuals in society know or care about what level of employees to not give away any type of Personal
security is on their connected devices. If the device works Identifiable Information (PII) including passwords,
for the desired purpose and is affordable, users may see no usernames, and any security measure. They also indicated
need to worry about security. More expensive IoT devices that every company should have an outlined policy and
are generally more secure, but consumers can choose, in guideline for data security. This can include a purpose,
most cases, more affordable devices. This sacrifice of scope, policy, technical aspects, and reporting requirements
security for value is a problem in the IoT environment. In [24]. This should follow every security policy listed in the
this top-level security division, we divide trust into three company’s handbook, so that employees can follow and be
different security classes: Privacy, Availability, and more secure in the workplace with IoT data and devices.
Reliability. Companies should always have a set of policies and

166
frameworks to secure the IoT devices within the company's and operated in a much different way than traditional
network. Others, like Cisco, involve other types of policies computer systems. IoT devices are considerably smaller,
in their IoT security including recommendations to and as such use microcontrollers with limited memory and
strengthen the Domain Name System (DNS) [23]. They also low computational power. Hence, the security approaches
have a security framework involving Network Enforced that work otherwise are impractical for IoT devices. Using
Policy, Authorization, and Authentication. The first layer the security controls of our top-level security divisions, we
involves policies of enforcement, and can be broken into can also create an IoT security dashboard for different types
management of security policies and certificates. The of IoT devices. In the future, we would like to create an
second, Authorization, can be broken into trust relationships apprehensive and complete list of IoT devices and create a
between devices, and the device’s access to different dashboard or mobile application to achieve greater
networks. The third, Authentication, involves human awareness of security controls that must be implemented on
credentials. AT&T breaks the IoT into three layers: device, various IoT devices for a more secure user experience.
application, and connection layers, along with a side layer of
threat management [25]. It involves these three layers along REFERENCES
with detection and prevention of threat management to [1] Z. Yan, P. Zhang and A. Vasilakos, "A survey on trust management
secure their IoT network. for Internet of Things," Journal of Network and Computer
Applications, vol. 42, pp. 120-134, 2014.
Governmental Oversight: Deloitte [21] states that there are [2] B. Dorsemaine, J.-P. Gaulier, J.-P. Wary, N. Kheir, and P. Urien,
“Internet of Things: A Definition and Taxonomy,” in 2015 9th
three different ways government can be an oversight with International Conference on Next Generation Mobile Applications,
IoT: Government as an End User, Government as a Services and Technologies. IEEE, sep 2015, pp. 72–77.
Regulator, and Government as an Infrastructure Provider. [3] A. Iqbal, R. Saleem, and M. Suryani, "Internet of Things (IOT): on
The Department of Homeland Security [20] has four going Security Challenges and Risks," International Journal of
different stages of IoT security policy: coordination across Computer Science and Information Security, vol. 14, pp. 671, 2016.
departments to prevent threats, build awareness of IoT [4] K. Zhao, L. Ge, “A survey on the Internet of Things security”, Proc.
threats, identify incentives for combining IoT security, and 9th Int. Conf. Comput. Intell. Secur. (CIS), pp. 663-667, Dec. 2013.
to contribute to international standards. The EU Alliance for [5] Z. K. Zhang, M. C. Y. Cho, C. W. Wang, C. W. Hsu, C. K. Chen and
IoT Innovation came up with a three-tiered policy approach S. Shieh, IoT security: Ongoing challenges and research
opportunities. 2014, . DOI: 10.1109/SOCA.2014.58.
including, a human-centric IoT, a single market concept,
[6] 1 M. M. Hossain, M. Fotouhi and R. Hasan. Towards an analysis of
and creating a thriving ecosystem [25, 26]. The EU also security issues, challenges, and open problems in the internet of
covers intellectual property, scalability, the architecture of things. 2015, . DOI: 10.1109/SERVICES.2015.12.
IoT, the communication of IoT, the standardization of IoT, [7] S. Babar, P. Mahalle, A. Stango, N. Prasad, and R. Prasad, "Proposed
and the domains [26, 27]. The EU report goes into some security model and threat taxonomy for the internet of things (IoT),"
detail about all of IoT, but does not give different references in Anonymous Berlin, Heidelberg: Springer Berlin Heidelberg, 2010,
which to find various ways to aggregate more information. pp. 420-429.
[8] B. Dorsemaine, J. P. Gaulier, J. P. Wary, N. Kheir and P. Urien, "A
new approach to investigate IoT threats based on a four layer model,"
Non-Governmental Oversight: The Cloud Security 2016 13th International Conference on New Technologies for
Alliance (CSA) [21] has a 13-step process to secure IoT Distributed Systems (NOTERE), Paris, 2016, pp. 1-6.
devices. These steps include having a secure methodology, [9] M. Abomhara, G. M. Koien, "Security and privacy in the internet of
protecting data and networks, to providing a secure update things: Current status and open issues", 2014 International
system, and logging mechanisms [22]. The CSA also goes Conference on Privacy and Security in Mobile Systems (PRISMS),
into further detail in the 2015 report that has cryptographic pp. 1-8, 2014.
measures, policy guidelines, and management of IoT threats [10] S. Oh and Y. Kim. Security requirements analysis for the IoT. 2017, .
DOI: 10.1109/PlatCon.2017.7883727.
[28]. IEEE also has standards in IoT which involve defining
the architecture, the security, and the ecosystem of IoT [30]. [11] J. Granjal, E. Monteiro and J. Sa Silva, "Security for the Internet of
Things: A Survey of Existing Protocols and Open Research Issues,"
These non-governmental organizations are built up by the IEEE Communications Surveys & Tutorials, vol. 17, pp. 1294-1312,
academics, practicing security professionals, and policy 2015.
creators who build the entirety of the IoT policy and [12] M. Ambrosin et al., "On the Feasibility of Attribute-Based Encryption
oversight environment. on Internet of Things Devices," in IEEE Micro, vol. 36, no. 6, pp. 25-
35, Nov.-Dec. 2016. doi: 10.1109/MM.2016.101
III.CONCLUSION AND FUTURE DIRECTION [13] M. Asplund and S. Nadjm-Tehrani, "Attitudes and Perceptions of IoT
Security in Critical Societal Services," IEEE Access, vol. 4, pp. 2130-
This paper presented taxonomy for IoT which would help 2138, 2016.
researchers better understand and identify (a) the critical [14] Symantec, "Internet Security Threat Report," Symantec, 2016.
domains where IoT is heavily used, (b) the security
[15] The OWASP Foundation, "OWASP internet of things top ten
requirements and challenges that IoT is currently facing, and project", Open Web Application Security Project, 2014.
(c) some of the existing security solutions that have been https://www.owasp.org/index.php/OWASP_Internet_of_Things_Proj
proposed or implemented. We discussed that a number of ect#tab=Main
factors such as data volume, sensitivity of data collected and [16] R. Mahmoud, T. Yousuf, F. Aloul and I. Zualkernan, "Internet of
transmitted, and cost of implementing security solutions, things (IoT) security: Current status, challenges and prospective
have a bearing on IoT security. IoT devices are designed measures," 2015 10th International Conference for Internet

167
 Technology and Secured Transactions (ICITST), London, 2015, pp. [23] Sophos, "Sample Data Security Policies," Sophos, Oxford and
336-341. Boston, 2014.
[17] Swamy, S. N., Jadhv, D., & Kulkarni, N. (2017). Seucrity threats in [24] A. C. S. Insights, "The CEO's Guide to Securing the Internet of
the application layer in IOT applications. I-SMAC (IoT in Social, Things," AT&T, 2015.
Mobile, Analytics and Cloud) (I-SMAC). Palladam, India: IEEE. [25] D. Connect, "The Internet of Things," European Commission, 2017.
[18] V. Kharchenko, M. Kolisnyk, I. Piskachova and N. Bardis, [26] European Union. European Commision. “Staff Working Document:
"Reliability and Security Issues for IoT-based Smart Business Center: Advancing the Internet of Things in Europe”.
Architecture and Markov Model," 2016 Third International https://ec.europa.eu/digital-single-market/en/news/staff-working-
Conference on Mathematics and Computers in Sciences and in document-advancing-internet-things-europe
Industry (MCSI), Chania, 2016, pp. 313-318.
[27] M. W. Group, "Security Guidance for Early Adopters of the Internet
[19] Homeland Security, "Strategic Principles for Securing the Internet of of Things (IoT)," Cloud Security Alliance, 2015.
Things (IoT)," U.S. Department of Homeland Security, 2016.
[28] IEEE, "Internet of Things - IEEE standards enabling products with
[20] J. Mariani, "Guiding the IoT to Saftey," Deloitte University Press, real-world applications," 2017. [Online]. Available:
2017. http://standards.ieee.org/innovate/iot/. [Accessed May 2017].
[21] I. W. Group, "Future-Proofing the Connected World: 13 Steps to [29] Yang, Y., Wu, L., Yin, G., Lifie, L., & Hongbin , Z. (2017). A
Developing Secure IoT Products," Cloud Security Alliance, 2016. Survey on Security and Privacy Issues in Internet-of-Things. IEEE
[22] C. S. R. a. Operations, "Securing the Internet of Things: A Proposed Internet of Things Journal, 1250-1258.
Framework," Cisco. [30] L. Atzori, A. Iera and G. Morabito, "The Internet of Things: A
survey," ScienceDirect, 2010.

168

View publication stats