Comprehensive Study of IoT Vulnerabilities and Countermeasures

1. Introduction

2. Preliminary Information

3. IoT Vulnerability Layers

3.3. Network Vulnerabilities

The idea of a network can be broken down into two different subsets of networks. The typical network that is discussed is through the use of WiFi and Ethernet. This type of network has direct access to the Internet, allowing for the connection of devices through this route. The other type of network that is not commonly spoken about is the kind of network of other wireless signals. This can be a Bluetooth network, zigbee network, UWB network, and so many more. This network is called a wireless sensor network as it typically includes many different wireless sensors, all with different wireless protocols. During this section, we will explore these two very similar but distinctly different networks and how the vulnerabilities vary between the two.

3.3.1. WiFi & Ethernet Based Networks

The most common network within the IoT ecosystem is the WiFi and Ethernet based networks. The reason is that this allows devices to connect to each other via a cloud platform or via the individual home network. The purpose of this is to allow users to connect to IoT devices from anywhere in the world, even if they are not near the devices. This can be good because it allows IoT data to be transferred far and wide, but it can also be extremely dangerous because it allows the adversary to have more room to gain access to the device data during transfer. One of the most simple kinds of attack on a WiFi enabled device is the Denial of Service (DoS), Distributed Denial of Service (DDoS), and Energy-Oriented Distributed Denial of Service (E-DDos) attacks [67]. A simple DDoS attack would look like in Figure 11 where the adversary knows the IP address of the device that is connected to the Internet. From there, they will send a ton of traffic data towards that IP address in hopes of flooding the network of that other device. From there, the network will slow down drastically with more traffic diverted, and it will eventually just stop all together and crash, making that device go off-line [68]. In addition to the use of a DoS and DDos attack, there is also something called an E-DDoS attack. This is the kind of attack where the purpose of the attack is not to shut down the device through malicious traffic but rather to overload the devices power consumption with the purpose of either short circuiting out something on the devices PCB board or by increasing the cost it takes to run the device. These types of attack are common as well, because usually they are not targeted attacks, but rather they are just from someone targeting a group of devices [67].

As we can see in Figure 10, various attacks on the Denial of Service attacks can be split into three types of attacks. The first would be the volume-based attacks where the purpose is to flood the TCP, ICP, or UDP which would cause the internal network to be overwhelmed by traffic. Next we would have the protocol based attacks where the attacker would do a SYN Flood, Ping of Death or Smurf Attack. These kinds of attack are designed to overload the resources of the network. For example, a ping-of-death attack would simply send a data packet that is larger than the maximum size allowed by the server. A smurf attack would send out an echo to every single device on the network, which would choke the network in the end, and lastly, a SYN flood attack is when the attacker would initiate a network connection without actually finalizing the connection. Lastly, we have the application layer attacks which would attack the actual web servers or application firewalls. These include Slowloris, which would make the attacker use partial HTTP requests to keep connections to a web server open for a long period of time. It also includes HTTP flood and SMTP attacks. The HTTP flood attack that attempts the application server with http requests and an SMTP attack is any exploitation of the SMTP server in hopes of gaining access to the data within the server [67].

Figure 10. Types of Attacks. The image has been inspired by [67]

Figure 10. Types of Attacks. The image has been inspired by [67]

Figure 11. DDoS Attack. The image has been inspired by [68].

Figure 11. DDoS Attack. The image has been inspired by [68].

Other than the basic DoS style attacks that are currently present and will always be present in some manner, we have some other attacks that allow for traffic monitoring over the network such as WiFi fingerprinting, which allows for WiFi eavesdropping. For example, if we were to look at a buildings camera system bit-rate, we would be able to infer the object movements from within the building, which would tell the adversary what they believe is happening. It will not give specific information on the uses of the devices, but it would give enough information where the adversary may be able to infer its use case and what kind of device it is [69]. However, some other attacks include analyzing TCP/IP level packets using network monitoring applications such as wireshark or even WiFi over air sniffers. By doing this, the adversary can analyze key characteristics of the specific network of devices. They can see who is talking and what kind of information they are transmitting to each other [69]. And they can take this step further and actually break down the packets to its individual bits and then rebuild it again so that they can see more specific information on what kind of data is being transferred. Figure 12 shows how such an attack may occur with an adversary and target.

These kinds of attack, as shown above, can work in multiple different ways; however, in the above case, we have two phases, one being offline and the other being online. During the offline phase, the attacker will be performing the profiling, while in the online phase, the attacker will be performing device identification. The offline phase consists of the network capturing over the air with a sniffer. From that, the attacker preprocesses the data and extracts features so that it can upload them to a machine learning algorithm which would go into training and testing mode. The model will then predict what is happening on that network. The next phase would be the online phase where they would actively eavesdrop on the network and grab that device and make a prediction of the devices that are being used. This is the kind of information that is needed for an attacker as it tells them the inventory of all of the WiFi enabled devices in the vicinity.

And finally, regarding the network attacks for Ethernet and WiFi, there are numerous open-source programs that are built within Kali Linux as well as throughout the Internet that allow users to do essentially anything they want to a network. There are also numerous devices out there built for this purpose, and instructions on how to build your own device for this purpose. Such devices may require a raspberry pi, Arduino, etc., and some already built-out devices may include WiFi sniffers, WiFi Pineapple, etc. As for software, we have software programs that allow for WiFi cracking, WiFi analysis, such as wire shark, and also specific programs built to inject information. With this being said, these kinds of attack are always evolving as the security evolves, which is the most dangerous thing, as it means that it is difficult to prevent as a whole.

3.3.2. Wireless Sensor Networks

A wireless sensor network (WSN) is essentially any network that is spatially dispersed with specific sensors that transmit data. This is the very reason the vast majority of IoT devices come into play because these networks can range from Zigbee and Zwave to GPS and 5G networks. These networks just refer to all of the wireless protocols as a whole, but for the sake of this paper, I have split the WiFi and Ethernet based approaches from this section due to the amount of vulnerabilities that exist in those networks alone. For wireless sensor network attacks, the DoS taxonomy can be broken down in Figure 13.

In the above framework, we can see that for WSN devices, a DoS attack framework is filled with a variety of attacks that include those of WiFi and Ethernet, but also many more. The most common attack from this framework is on the physical layer DoS attack, where the adversary would be tampering with nodes in the network as well as jamming them. By doing this kind of attack, they are able to gather the code from the device itself and either modify it or delete it, and for the jamming aspect, if they were to add a malicious node to the network, they would be able to stop nodes from transmitting or even receiving data by blocking the connections [70]. We then have the link layer DoS attacks which can include the malicious node trying to gain the trust of a neighboring node, exhausting a neighboring node by constantly sending requests to it, and then collision attacks which have a purpose of shutting down the node all together by erroring it out [70]. Then we have the network layer attack where the goal is to drown out the network in a similar way to what was seen above in the WiFi section. Then we have the transport layer, which includes flooding attacks where the network is flooded with malicious nodes, and then desynchronization attacks where they rearrange the messages that are sent between the node, making them not in sync or behind other nodes on information [70]. Lastly, we have the application layer attack where, much like in the WiFi section, they target the applications itself.

In Figure 14, we can see that the green dots are the good nodes that just collect information with their sensors. Then they receive directions from the blue square nodes and the red square nodes are the malicious nodes. In this case, we can see that the malicious nodes would look identical to the regular nodes and the source node, which allows those nodes to just integrate themselves as part of the system [71].

Looking at the idea of adding a malicious node to the network, the adversary can also perform what is called a black hole attack, as shown in Figure 16. In this kind of attack, the idea is that the malicious node would get all other nodes to redirect their data transfer to them so that it has full control of the data. Usually by doing this, they are able to stop the full data transfer from occurring by essentially being a black hole for the data [71,72]. A similar style of attack to this is what is called a wormhole attack, where the data is essentially rerouted to a completely different node than the node for which it was intended by creating a tunnel, as shown in the following figure [73,74].

In Figure 15, we can see that the malicious node grabs data from the good nodes near node A and then sends the data through a wormhole tunnel to node B, and node B does the same. This allows the two nodes to control the flow of the data and reroute the data between each other [74]. And we can also break down the modes of a wormhole attack into four distinct categories. The first one is a packet encapsulation, where if there are two or more nodes, data can be compressed and sent between these two nodes, which would prevent the hop count increments that usually occur in wireless sensor networks [74]. Then we have the packet relay mode, where any node within the network can be affected and launch the attack. This is also known as a relay-based attack [74]. Next we have the out-of-band channel attack where only one sensor is needed for the attack; however, it must have a high transmition power, which would affect the route of the packet that passes through it. Lastly, we have the protocol distortion mode where malicious nodes attempt to invite traffic by altering the routing protocol [74].

Figure 15. Wormhole Attack Tunnel. The image has been inspired by [74].

Figure 15. Wormhole Attack Tunnel. The image has been inspired by [74].

Figure 16. Blackhole Attack. The image has been inspired by [75].

Figure 16. Blackhole Attack. The image has been inspired by [75].

Figure 17. System model of a typical smart cloud-based home deployment. The image has been inspired by [76].

Figure 17. System model of a typical smart cloud-based home deployment. The image has been inspired by [76].

Figure 18. Phantom Delay Attack. The image has been inspired by [76].

Figure 18. Phantom Delay Attack. The image has been inspired by [76].

Just as there are sniffers and other technologies built just for Wi-Fi networks and Ethernet networks, the same applies to every other kind of signal out there. For example, you can find and purchase prebuilt UWB sniffers, Zigbee sniffers, Zwave sniffers, Bluetooth sniffers, and so many more. Even if there is no prebuilt one that you can buy off the counter, they also have open source code that works with Arduino boards and Raspberry Pi boards that would allow you to do the same. With this being said, this allows the attacker to analyze the packets of any kind of signal in use, no matter what kind of wireless signal it is.

3.3.3. Cloud Based Networks

When discussing network vulnerabilities within the Internet of Things, it is important to mention a big and recent important player in the world of the Internet of Things, the IoT cloud computing architecture. As IoT technology alone cannot fully meet the growing number of consumers and their computing requirements, the concept of IoT cloud computing comes into place and refers to the integration of IoT technology and cloud computing resources. Although there are pros to the integration of IoT and cloud computing, there are several security issues that also play a role in the cloud of the IoT. Since there are several articles that do a good job summarizing different IoT cloud vulnerabilities, I am going to cover two contemporary vulnerabilities that relate to Phantom-Delay Attacks and Post-quantum Cryptography.

Phantom-Delay Attacks are IoT vulnerabilities that were recently discovered. These attacks exploit a vulnerability in communication between IoT devices and servers. Attacks allow the attacker to delay IoT messages, resulting in several serious consequences [77]. There are two main attack primitives when discussing Phantom-Delay Attacks: IoT Event Message Delay (e-Delay) and IoT Command Message Delay (c-Delay). There are two types of IoT events between an IoT device and a server: an IoT device can send a ’device state’ event (such as a ’motion active’ event) to the server, and a server issues an IoT command (such as a ’front door lock’ command). Because of the time it takes to transmit a packet, a delay will always occur from the moment of an event/command to the moment of delivery (typically sub-seconds and do not cause issues). Using a Phantom Delay Attack, an adversary can increase the delay to minutes or even hours, which means that when the IoT cloud server receives the event sent a while ago, it will still assume that the device’s state update is fresh [78].

There are three types of attack categories: State Update Delay Attack - uses e-Delay to packets of an event message that reports an IoT state update (can be used on critical IoT devices such as IoMT devices and Internet of Agricultural Things that require a fast response); Action Delay Attack – Due to automation, an event can trigger a spontaneous action, so by using an e-Delay attack you can delay this action (in theory it could be used to delay actions like an insulin pump that uses a continuous glucose monitor (CGM) to check blood sugar level); Erroneous Execution Attack – there are two kinds of Erroneous Execution attacks: 1) Spurious Execution which happens when an action command that should not happen still occurs (even though the automation condition is set to false, a delay attack will keep it as true); 2) Disabled Execution, which happens when an action command that should occur, still do not occur (even though the automation condition is set to true, a delay attack will keep it as false).

Unlike jamming, these attacks can be launched from an ordinary Wi-Fi device and do not discard any packets, and thus do not trigger re-transmission. To deploy phantom delay attacks, an adversary must be able to have one Wi-Fi device in control of the victim’s environment, which can be used to sniff traffic and hijack the TCP session of the target device (ARP spoofing can be used) [79].

4. Artificial Intelligence

5. The Cloud

6. Conclusion and Future Research to be Worked

7. Acknowledgment

Table 1. Common Abbreviations.

References

1. Zhong, C.L.; Zhu, Z.; Huang, R.G. Study on the IOT Architecture and Gateway Technology 2015. pp. 196–199. [CrossRef]
2. Pico-Valencia, P.; Holgado-Terriza, J.A.; Quiñónez-Ku, X. A Brief Survey of the Main Internet-Based Approaches. An Outlook from the Internet of Things Perspective 2020. pp. 536–542. [CrossRef]
3. Al-Fuqaha, A.; Guizani, M.; Mohammadi, M.; Aledhari, M.; Ayyash, M. Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications. IEEE Communications Surveys and Tutorials 2015, 17, 2347–2376. [Google Scholar] [CrossRef]
4. Singh, D.; Tripathi, G.; Jara, A.J. A survey of Internet-of-Things: Future vision, architecture, challenges and services 2014. pp. 287–292. [CrossRef]
5. Arasteh, H.; Hosseinnezhad, V.; Loia, V.; Tommasetti, A.; Troisi, O.; Shafie-khah, M.; Siano, P. Iot-based smart cities: A survey 2016. pp. 1–6. [CrossRef]
6. Zanella, A.; Bui, N.; Castellani, A.; Vangelista, L.; Zorzi, M. Internet of Things for Smart Cities. Internet of Things Journal, IEEE 2012, 1. [Google Scholar] [CrossRef]
7. Sivapriyan, R.; Rao, K.M.; Harijyothi, M. Literature Review of IoT based Home Automation System 2020. pp. 101–105. [CrossRef]
8. CardiacSense. Heart Rate Monitor Watch. https://www.cardiacsense.com/heart-rate-monitor-watch/, 2023. Accessed: June 2023.
9. Islam, S.M.R.; Kwak, D.; Kabir, M.H.; Hossain, M.; Kwak, K. The Internet of Things for Health Care: A Comprehensive Survey. IEEE Access 2015, 3, 678–708. [Google Scholar] [CrossRef]
10. Farooq, M.S.; Riaz, S.; Abid, A.; Abid, K.; Naeem, M.A. A Survey on the Role of IoT in Agriculture for the Implementation of Smart Farming. IEEE Access 2019, 7, 156237–156271. [Google Scholar] [CrossRef]
11. SeeTree. About Us. https://www.seetree.ai/about-seetree, 2017. Accessed: September 2023.
12. Shachar, O.; Yushchuk, M.; Salton-Morgenstern, G. Recurrent pattern image classification and registration, Jan, 2020.
13. Kott, A.; Swami, A.; West, B.J. The Internet of Battle Things. Computer 2016, 49, 70–75. [Google Scholar] [CrossRef]
14. Russell, S.; Abdelzaher, T. The Internet of Battlefield Things: The Next Generation of Command, Control, Communications and Intelligence (C3I) Decision-Making 2018. pp. 737–742. [CrossRef]
15. Farahani, S. ZigBee Wireless Networks and Transceivers; Newnes, 2011.
16. Ergen, S.C. ZigBee/IEEE 802.15. 4 Summary. UC Berkeley, September 2004, 10, 11. [Google Scholar]
17. Elahi, A.; Gschwender, A. ZigBee Wireless Sensor and Control Network; Pearson Educ.: London, U.K., 2009. [Google Scholar]
18. Norair, J. Introduction to DASH7 technologies. Dash7 alliance low power RF technical overview 2009, pp. 1–22.
19. Piromalis, D.; Arvanitis, K.; Sigrimis, N. DASH7 mode 2: A promising perspective for wireless agriculture. IFAC Proceedings Volumes 2013, 46, 127–132. [Google Scholar] [CrossRef]
20. Ayoub, W.; Samhat, A.E.; Nouvel, F.; Mroue, M.; Prévotet, J.C. Internet of Mobile Things: Overview of LoRaWAN, DASH7, and NB-IoT in LPWANs Standards and Supported Mobility. IEEE Communications Surveys and Tutorials 2019, 21, 1561–1581. [Google Scholar] [CrossRef]
21. Czyz, J.; Luckie, M.J.; Allman, M.; Bailey, M. Don’t forget to lock the back door! A characterization of IPv6 network security policy. Proc. NDSS, 2016.
22. Lashkari, A.H.; Danesh, M.M.S.; Samadi, B. A survey on wireless security protocols (WEP, WPA and WPA2/802.11 i) 2009. pp. 48–52.
23. Kohlios, C.P.; Hayajneh, T. A comprehensive attack flow model and security analysis for Wi-Fi and WPA3. Electronics 2018, 7, 284. [Google Scholar] [CrossRef]
24. Alliance, W.F. Wi-Fi Alliance Official Website. https://www.wi-fi.org/. Accessed: September 2023.
25. Banerji, S.; Chowdhury, R.S. On IEEE 802.11: Wireless Lan Technology. International Journal of Mobile Network Communications &Telematics 2013, 3, 45–64. [Google Scholar] [CrossRef]
26. Ezhilarasan, E.; Dinakaran, M. A review on mobile technologies: 3G, 4G and 5G. 2017 second international conference on recent trends and challenges in computational models (ICRTCCM). IEEE, 2017, pp. 369–373.
27. Akyildiz, I.F.; Gutierrez-Estevez, D.M.; Reyes, E.C. The evolution to 4G cellular systems: LTE-Advanced. Physical communication 2010, 3, 217–244. [Google Scholar] [CrossRef]
28. Zhang, Y.; Årvidsson, A. Understanding the characteristics of cellular data traffic. Proceedings of the 2012 ACM SIGCOMM workshop on Cellular networks: operations, challenges, and future design, 2012, pp. 13–18.
29. Chettri, L.; Bera, R. A comprehensive survey on Internet of Things (IoT) toward 5G wireless systems. IEEE Internet of Things Journal 2019, 7, 16–32. [Google Scholar] [CrossRef]
30. Zeqiri, R.; Idrizi, F.; Halimi, H. Comparison of Algorithms and Technologies 2G, 3G, 4G and 5G. 2019 3rd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT). IEEE, 2019, pp. 1–4.
31. Shelby, Z.; Bormann, C. 6LoWPAN: The wireless embedded Internet; John Wiley & Sons, 2011.
32. Mulligan, G. The 6LoWPAN architecture. Proceedings of the 4th workshop on Embedded networked sensors, 2007, pp. 78–82.
33. Mulligan, G. The 6LoWPAN architecture 2007. pp. 78–82.
34. Baker, N. ZigBee and Bluetooth: Strengths and weaknesses for industrial applications. Computing and Control Engineering 2005, 16, 20–25. [Google Scholar] [CrossRef]
35. Bisdikian, C. An overview of the Bluetooth wireless technology. IEEE Communications Magazine 2001, 39, 86–94. [Google Scholar] [CrossRef]
36. Tosi, J.; Taffoni, F.; Santacatterina, M.; Sannino, R.; Formica, D. Performance evaluation of bluetooth low energy: A systematic review. Sensors 2017, 17, 2898. [Google Scholar] [CrossRef]
37. Group, B.S.I. Technology Overview. https://www.bluetooth.com/learn-about-bluetooth/tech-overview/. Accessed: September 2023.
38. Haxhibeqiri, J.; De Poorter, E.; Moerman, I.; Hoebeke, J. A survey of LoRaWAN for IoT: From technology to application. Sensors 2018, 18, 3995. [Google Scholar] [CrossRef]
39. Khutsoane, O.; Isong, B.; Abu-Mahfouz, A.M. IoT devices and applications based on LoRa/LoRaWAN. IECON 2017-43rd Annual Conference of the IEEE Industrial Electronics Society. IEEE, 2017, pp. 6107–6112.
40. Lavric, A.; Petrariu, A.I.; Popa, V. Long range sigfox communication protocol scalability analysis under large-scale, high-density conditions. IEEE Access 2019, 7, 35816–35825. [Google Scholar] [CrossRef]
41. Fourtet, C.; Ponsard, B. An introduction to Sigfox radio system. In LPWAN Technologies for IoT and M2M Applications; Elsevier, 2020; pp. 103–118.
42. Sigfox. Sigfox 0G Technology. https://www.sigfox.com/, 2023. Accessed: May 2023.
43. Ratasuk, R.; Vejlgaard, B.; Mangalvedhe, N.; Ghosh, A. NB-IoT system for M2M communication 2016. pp. 1–5. [CrossRef]
44. Coskun, V.; Ok, K.; Ozdenizci, B. Near field communication (NFC): From theory to practice; JohnWiley & Sons, 2011.
45. Coskun, V.; Ozdenizci, B.; Ok, K. A survey on near field communication (NFC) technology. Wireless personal communications 2013, 71, 2259–2294. [Google Scholar] [CrossRef]
46. Danbatta, S.J.; Varol, A. Comparison of Zigbee, Z-Wave, Wi-Fi, and bluetooth wireless technologies used in home automation. 2019 7th International Symposium on Digital Forensics and Security (ISDFS). IEEE, 2019, pp. 1–5.
47. Alliance, Z.W. Z-Wave Official Website. https://www.z-wave.com/. Accessed: September 2023.
48. Bhavya, R.; Lokesh, M. A Survey on Li-Fi Technology. An International Journal of Engineering & Technology 2016, 3. [Google Scholar]
49. Haas, H.; Yin, L.; Wang, Y.; Chen, C. What is LiFi? Journal of Lightwave Technology 2016, 34, 1533–1544. [Google Scholar] [CrossRef]
50. LiFi.co. How LiFiWorks. https://lifi.co/how-lifi-works/, 2023. Accessed: May 2023.
51. Zhuang, W.; Shen, X.; Bi, Q. Ultra-wideband wireless communications. Wireless communications and mobile computing 2003, 3, 663–685. [Google Scholar] [CrossRef]
52. Hirt, W. Ultra-wideband radio technology: overview and future research. Computer Communications 2003, 26, 46–52. [Google Scholar] [CrossRef]
53. Aiello, G.; Rogerson, G. Ultra-wideband wireless systems. IEEE Microwave Magazine 2003, 4, 36–47. [Google Scholar] [CrossRef]
54. Naik, N. Choice of effective messaging protocols for IoT systems: MQTT, CoAP, AMQP and HTTP 2017. pp. 1–7. [CrossRef]
55. Fernandes, J.L.; Lopes, I.C.; Rodrigues, J.J.; Ullah, S. Performance evaluation of RESTful web services and AMQP protocol. 2013 Fifth international conference on ubiquitous and future networks (ICUFN). IEEE, 2013, pp. 810–815.
56. Betzler, A.; Gomez, C.; Demirkol, I.; Paradells, J. CoAP congestion control for the internet of things. IEEE Communications Magazine 2016, 54, 154–160. [Google Scholar] [CrossRef]
57. Chen, Y.; Kunz, T. Performance evaluation of IoT protocols under a constrained wireless access network. 2016 International Conference on Selected Topics in Mobile & Wireless Networking (MoWNeT), 2016, pp. 1–7. [CrossRef]
58. (OMG), O.M.G. The real-time publish-subscribe wire protocol DDS interoperability wire protocol specification. OMG, Version 2.2 2014.
59. Neshenko, N.; Bou-Harb, E.; Crichigno, J.; Kaddoum, G.; Ghani, N. Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-Scale IoT Exploitations. IEEE Communications Surveys and Tutorials 2019, 21. [Google Scholar] [CrossRef]
60. Haataja, K.; Toivanen, P. Two practical man-in-the-middle attacks on Bluetooth secure simple pairing and countermeasures. IEEE Transactions on Wireless Communications 2010, 9, 384–392. [Google Scholar] [CrossRef]
61. Rahman, M.T.; Shi, Q.; Tajik, S.; Shen, H.; Woodard, D.L.; Tehranipoor, M.; Asadizanjani, N. Physical Inspection & Attacks: New Frontier in Hardware Security. 2018 IEEE 3rd International Verification and Security Workshop (IVSW), 2018, pp. 93–102. [CrossRef]
62. Wurm, J.; Hoang, K.; Arias, O.; Sadeghi, A.R.; Jin, Y. Security analysis on consumer and industrial IoT devices. Proc. 21st Asia South Pac. Design Autom. Conf. (ASP-DAC), 2016, pp. 519–524.
63. Bou-Harb, E.; Fachkha, C.; Pourzandi, M.; Debbabi, M.; Assi, C. Communication security for smart grid distribution networks. IEEE Commun. Mag. 2013, 51, 42–49. [Google Scholar] [CrossRef]
64. Koley, S.; Ghosal, P. Addressing Hardware Security Challenges in Internet of Things: Recent Trends and Possible Solutions. 2015 IEEE 12th Intl Conf on Ubiquitous Intelligence and Computing and 2015 IEEE 12th Intl Conf on Autonomic and Trusted Computing and 2015 IEEE 15th Intl Conf on Scalable Computing and Communications and Its Associated Workshops (UIC-ATC-ScalCom), 2015, pp. 517–520. [CrossRef]
65. Pan, Z.; Mishra, P. Design of AI Trojans for Evading Machine Learning-based Detection of Hardware Trojans. 2022 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2022, pp. 682–687. [CrossRef]
66. Gaydos, M.G.;Wallace, N.L.; Brown, R.G. Reverse Engineering and Embedded Processor Analysis. Technical report, Sandia National Lab.(SNL-NM), Albuquerque, NM (United States), 2020.
67. Tushir, B.; Dalal, Y.; Dezfouli, B.; Liu, Y. A Quantitative Study of DDoS and E-DDoS Attacks on WiFi Smart Home Devices. IEEE Internet of Things Journal 2021, 8, 6282–6292. [Google Scholar] [CrossRef]
68. Ashfaq, M.F.; Malik, M.; Fatima, U.; Shahzad, M.K. Classification of IoT based DDoS Attack using Machine Learning Techniques. 2022 16th International Conference on Ubiquitous Information Management and Communication (IMCOM), 2022, pp. 1–6. [CrossRef]
69. Alyami, M.; Alharbi, I.; Zou, C.; Solihin, Y.; Ackerman, K. WiFi-based IoT Devices Profiling Attack based on Eavesdropping of EncryptedWiFi Traffic. 2022 IEEE 19th Annual Consumer Communications & Networking Conference (CCNC), 2022, pp. 385–392. [CrossRef]
70. Sinha, S.; G, K. Network layer DoS Attack on IoT System and location identification of the attacker. 2021 Third International Conference on Inventive Research in Computing Applications (ICIRCA), 2021, pp. 22–27. [CrossRef]
71. Kumavat, K.S.; Gomes, J. Performance Evaluation of IoT-enabled WSN system With and Without DDoS Attack. 2023 International Conference for Advancement in Technology (ICONAT), 2023, pp. 1–5. [CrossRef]
72. Siddiqui, M.N.; Malik, K.R.; Malik, T.S. Performance Analysis of Blackhole and Wormhole Attack in MANET Based IoT. 2021 International Conference on Digital Futures and Transformative Technologies (ICoDT2), 2021, pp. 1–8. [CrossRef]
73. Tatar, E.E.; Dener, M. Wormhole Attacks in IoT Based Networks. 2021 6th International Conference on Computer Science and Engineering (UBMK), 2021, pp. 478–482. [CrossRef]
74. Verma, M.K.; Dwivedi, R.K. A Survey on Wormhole Attack Detection and Prevention Techniques in Wireless Sensor Networks. 2020 International Conference on Electrical and Electronics Engineering (ICE3), 2020, pp. 326–331. [CrossRef]
75. Ali, S.; Khan, M.A.; Ahmad, J.; Malik, A.W.; ur Rehman, A. Detection and prevention of Black Hole Attacks in IOT & WSN. 2018 Third International Conference on Fog and Mobile Edge Computing (FMEC), 2018, pp. 217–226. [CrossRef]
76. Fu, C.; Zeng, Q.; Chi, H.; Du, X.; Valluru, S.L. IoT Phantom-Delay Attacks: Demystifying and Exploiting IoT Timeout Behaviors. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2022, pp. 428–440. [CrossRef]
77. Fu, C.; Zeng, Q.; Chi, H.; Du, X.; Valluru, S.L. Iot phantom-delay attacks: Demystifying and exploiting iot timeout behaviors. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 2022, pp. 428–440.
78. Nassi, B.; Nassi, D.; Ben-Netanel, R.; Mirsky, Y.; Drokin, O.; Elovici, Y. Phantom of the adas: Phantom attacks on driver-assistance systems. Cryptology ePrint Archive 2020. [Google Scholar]
79. Whalen, S. An introduction to arp spoofing. Node99 [Online Document] 2001, 563. [Google Scholar]
80. Kim, D.W.; Jang, H.Y.; Kim, K.W.; Shin, Y.; Park, S.H. Design characteristics of studies reporting the performance of artificial intelligence algorithms for diagnostic analysis of medical images: results from recently published papers. Korean journal of radiology 2019, 20, 405–410. [Google Scholar] [CrossRef] [PubMed]
81. Hussain, F.; Hussain, R.; Hassan, S.A.; Hossain, E. Machine Learning in IoT Security: Current Solutions and Future Challenges. IEEE Communications Surveys & Tutorials 2020, 22, 1686–1721. [Google Scholar] [CrossRef]
82. Abu Al-Haija, Q.; Zein-Sabatto, S. An efficient deep-learning-based detection and classification system for cyber-attacks in IoT communication networks. Electronics 2020, 9, 2152. [Google Scholar] [CrossRef]
83. Zhang, J.; Pan, L.; Han, Q.L.; Chen, C.; Wen, S.; Xiang, Y. Deep learning based attack detection for cyber-physical system cybersecurity: A survey. IEEE/CAA Journal of Automatica Sinica 2021, 9, 377–391. [Google Scholar] [CrossRef]
84. Handa, A.; Sharma, A.; Shukla, S.K. Machine learning in cybersecurity: A review. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery 2019, 9, e1306. [Google Scholar] [CrossRef]
85. Al-Garadi, M.A.; Mohamed, A.; Al-Ali, A.K.; Du, X.; Ali, I.; Guizani, M. A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security. IEEE Communications Surveys & Tutorials 2020, 22, 1646–1685. [Google Scholar] [CrossRef]
86. Zohuri, B.; Moghaddam, M. Deep learning limitations and flaws. Mod. Approaches Mater. Sci 2020, 2, 241–250. [Google Scholar] [CrossRef]
87. Raji, I.D.; Kumar, I.E.; Horowitz, A.; Selbst, A. The fallacy of AI functionality. Proceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency, 2022, pp. 959–972.
88. Hou, L.; Zhao, S.; Xiong, X.; Zheng, K.; Chatzimisios, P.; Hossain, M.S.; Xiang, W. Internet of things cloud: Architecture and implementation. IEEE Communications Magazine 2016, 54, 32–39. [Google Scholar] [CrossRef]
89. Lin, Y.; Shao, L.; Zhu, Z.; Wang, Q.; Sabhikhi, R.K. Wireless network cloud: Architecture and system requirements. IBM Journal of Research and Development 2010, 54, 4–1. [Google Scholar] [CrossRef]
90. Varia, J. Cloud architectures. White Paper of Amazon, jineshvaria. s3. amazonaws. com/public/cloudarchitectures-varia. pdf 2008, 16. [Google Scholar]
91. Wilder, B. Cloud architecture patterns: using microsoft azure; " O’Reilly Media, Inc.", 2012.
92. Wan, J.; Yang, J.; Wang, Z.; Hua, Q. Artificial intelligence for cloud-assisted smart factory. IEEE Access 2018, 6, 55419–55430. [Google Scholar] [CrossRef]
93. Chang, Z.; Liu, S.; Xiong, X.; Cai, Z.; Tu, G. A Survey of Recent Advances in Edge-Computing-Powered Artificial Intelligence of Things. IEEE Internet of Things Journal 2021, 8, 13849–13875. [Google Scholar] [CrossRef]
94. Mohanta, B.K.; Jena, D.; Satapathy, U.; Patnaik, S. Survey on IoT security: Challenges and solution using machine learning, artificial intelligence and blockchain technology. Internet of Things 2020, 11, 100227. [Google Scholar] [CrossRef]
95. Ghosh, A.; Chakraborty, D.; Law, A. Artificial intelligence in Internet of things. CAAI Transactions on Intelligence Technology 2018, 3, 208–218. [Google Scholar] [CrossRef]