Review

A Literature Review on Security in the Internet of Things: Identifying and Analysing Critical Categories

by Hannelore Sebestyen 1,*, Daniela Elena Popescu 2,* and Rodica Doina Zmaranda 2

1 Faculty of Automation and Computing, Politehnica University Timișoara, 300223 Timişoara, Romania
2 Computers and Information Technology Department, University of Oradea, 410087 Oradea, Romania
* Authors to whom correspondence should be addressed.

Computers 2025, 14(2), 61; https://doi.org/10.3390/computers14020061
Submission received: 28 December 2024 / Revised: 1 February 2025 / Accepted: 8 February 2025 / Published: 11 February 2025

Abstract

With the proliferation of IoT-based applications, security requirements are becoming increasingly stringent. Given the diversity of such systems, selecting the most appropriate solutions and technologies to address the challenges is a complex activity. This paper provides an exhaustive evaluation of existing security challenges related to the IoT domain, analysing studies published between 2021 and 2025. This review explores the evolving landscape of IoT security, identifying key focus areas, challenges, and proposed solutions as presented in recent research. Through this analysis, the review categorizes IoT security efforts into six main areas: emerging technologies (35.2% of studies), securing identity management (19.3%), attack detection (17.9%), data management and protection (8.3%), communication and networking (13.8%), and risk management (5.5%). These percentages highlight the research community’s focus and indicate areas requiring further investigation. From leveraging machine learning and blockchain for anomaly detection and real-time threat response to optimising lightweight algorithms for resource-limited devices, researchers propose innovative and adaptive solutions to address emerging threats. The review underscores the integration of advanced technologies to enhance IoT system security, while also highlighting ongoing challenges. The paper concludes with a synthesis of security challenges and threats of each identified category, along with their solutions, aiming to support decision-making during the design approach of IoT-based applications and to guide future research toward comprehensive and efficient IoT frameworks.

1. Introduction

1.1. IoT Evolution Overview

The Internet of Things represents one of the most transformative technological advancements of the contemporary era. By enabling physical objects to connect to the internet, exchange data, and interact autonomously, IoT has significantly reshaped various aspects of our lives, including how we live, work, and communicate. The exponential growth of interconnected devices, spanning from everyday household appliances to sophisticated industrial machinery, has fostered a highly integrated ecosystem that offers unparalleled convenience, efficiency, and potential for innovation [1]. However, this interconnectedness, while presenting new opportunities for progress, also introduces a series of complex security challenges that cannot be disregarded.
According to the IoT Analytics platform, the number of IoT-connected devices is projected to surge by 13% annually in 2024, reaching 18.8 billion devices. As Figure 1 shows, this represents a substantial increase of 8.5 billion compared to 2019 [2]. Furthermore, it is anticipated that this number will double by 2030, potentially surpassing 40 billion devices.
At its core, the Internet of Things comprises a vast network of physical objects equipped with sensors, software, and various technologies, enabling them to communicate with one another and centralised systems via the internet. This communication facilitates real-time data collection and analysis, driving intelligent automation across diverse sectors including healthcare, transportation, agriculture, energy management, and urban planning. In smart cities, for instance, IoT technologies are used to optimise traffic flow, reduce energy consumption, enhance public safety, and even manage waste efficiently.
While these capabilities offer substantial opportunities for enhancing efficiency and convenience, they also entail a critical vulnerability: the security of these devices. The very attributes that make IoT devices appealing—such as the ability to collect and transmit sensitive data—also render them susceptible to cyber threats. Each additional device connected to the internet expands the digital attack surface, creating more potential entry points for malicious actors. A compromised device can serve as an entry gateway for attackers, enabling them to infiltrate entire networks, steal sensitive data, or disrupt critical infrastructure.
The urgency of securing the Internet of Things has never been more pressing. As the number of connected devices continues to rise, so do the threats and vulnerabilities that they introduce. In the context of IoT, cybersecurity is not merely about protecting devices from unauthorised access; it encompasses safeguarding entire ecosystems of interconnected systems from a diverse range of cyber threats. The risks associated with inadequate security are far-reaching—personal data may be exposed, critical infrastructure can be compromised, and public trust in these technologies may diminish. Several high-profile incidents, such as attacks on unsecured smart home devices, have already underscored the potential consequences of IoT vulnerabilities, raising alarms in both the public and private sectors.
Emerging technologies play a pivotal role in enhancing security measures against the evolving landscape of cyber threats within IoT environments. By integrating solutions such as Artificial Intelligence, Blockchain, Machine Learning and other innovative technologies, organisations can construct more robust defences against sophisticated attacks. For instance, AI-powered anomaly detection systems can assist in identifying unusual patterns of behaviour within IoT networks, facilitating expedited detection of potential breaches. Blockchain, with its decentralised and immutable ledger, provides a means of securing data exchanges between devices and ensuring the integrity of communications. Public Key Infrastructure systems can provide enhanced authentication mechanisms for IoT devices, thereby reducing the likelihood of unauthorised access. As these technologies continue to evolve, they will play an indispensable role in addressing the unique security challenges posed by the interconnected nature of IoT.
In the realm of Internet of Things technology, cyber threats are exhibiting a remarkable level of sophistication. Hackers are increasingly targeting devices equipped with inadequate or insufficient security measures, thereby gaining unauthorized access to larger networks. Factors such as inadequate encryption, the absence of robust authentication protocols, and outdated software contribute to the surge in cyber incidents within the IoT ecosystem. Consequently, addressing these vulnerabilities necessitates a comprehensive and proactive security strategy that transcends mere technical solutions. It encompasses not only technical measures but also well-defined policy frameworks and industry standards.
To underscore the paramount importance of addressing IoT security vulnerabilities, Table 1 presents a comprehensive overview of the most significant IoT-related attacks that occurred between 2015 and 2024.
The analysis presented in Table 1 underscores several critical observations regarding the nature and implications of security attacks on IoT systems that have occurred over the past decade:
  • Diversity of attack domains
    IoT systems across a broad range of domains have been targeted, reflecting the extensive integration of IoT technologies in both consumer and industrial sectors. Attacks on consumer devices, including wearables and smart home systems (e.g., Mirai Botnet, Ring Doorbell Hacks, Garmin Ransomware), highlight the vulnerabilities inherent in devices used daily by individuals. Similarly, industrial systems (e.g., the Jeep Cherokee Hack) and critical infrastructure (e.g., Colonial Pipeline Ransomware, Oldsmar Water Treatment Attack) have been compromised, emphasizing the risks to operational continuity, public safety, and essential services.
  • Economic and social impact
    The financial and operational consequences of IoT-related attacks have been profound. High-profile incidents such as the Garmin Ransomware, WannaCry Ransomware, and Colonial Pipeline Ransomware illustrate the significant economic losses incurred through ransom payments, downtime, and operational disruptions. These attacks also underscore the social ramifications, including the erosion of public trust, exposure of sensitive personal and organizational data, and heightened concerns regarding the reliability and security of IoT-enabled systems. For instance, breaches of consumer devices like Ring cameras not only caused privacy violations but also instilled a sense of insecurity among users regarding the safety of their connected environments.
  • Evolving threat landscape
    Over the past decade, the sophistication of IoT-related cyberattacks has escalated markedly. Early attacks, such as the Mirai Botnet, exploited relatively simple vulnerabilities like default credentials and unsecured interfaces. However, more recent incidents, including the MOVEit Data Breach, demonstrate the increasing prevalence of zero-day exploits and advanced, targeted attacks. This evolution highlights the growing technical capabilities of attackers and underscores the urgent need for robust security measures and proactive defense mechanisms in IoT ecosystems.
In support of Table 1, a recent statistic published by the Statista website highlights the substantial increase in malware attacks targeting IoT systems. As depicted in Figure 2, the number of such attacks has surged nearly fourfold over the past five years, surpassing 112 million incidents in 2022. This significant growth can be attributed to two primary factors: firstly, the rapid proliferation of IoT devices (as illustrated in Figure 1), and secondly, the diverse range of domains in which these devices are deployed, which consequently enhances their appeal to malicious actors.
Given the escalating prevalence of IoT devices and the corresponding surge in cyberattacks, it is imperative that effective solutions be developed to safeguard both the technology itself and its users.

1.2. Regulatory Overview

Considering the escalating risks associated with IoT devices, regulatory authorities have implemented stringent security standards. In the European Union, these standards are codified in the 2016 General Data Protection Regulation [15] issued by the European Parliament, which was enacted in response to technological advancements and global integration. The United States issued the IoT Cybersecurity Improvement Act of 2020, calling for the National Institute of Standards and Technology and the Office of Management and Budget to develop standards that establish minimum requirements and guidelines for the management of IoT devices owned by federal agencies, i.e., the proper management of information held by them [16]. These standards will necessitate periodic reviews and updates by NIST every five years.
Over the years, there have been groups and organisations that, noticing the need for increased cybersecurity, have developed frameworks and standards for different domains. Thus, in 2017 the IoT Cybersecurity Alliance was formed, consisting of the firms AT&T, IBM, Nokia, Palo Alto Networks, Symantec, and Trustonic, with the objective of solving the main cybersecurity challenges in the IoT ecosystem using the expertise of the firms involved [17]. Another such grouping is the Industry IoT Consortium, which is active in the industry domain. They developed the first version of the Industry Internet of Things Security Framework in 2016 with the aim of securing ICS/SCADA systems [18]. It provides proposals for architectures that can be used and a set of best practices.
The Internet Engineering Task Force is developing standards for providing secure communication protocols. One such protocol is CoAP—RFC 7252 Constrained Application Protocol, developed for resource-constrained networks within the IoT ecosystem. It uses DTLS to secure data exchange [19].
The Organization for Standardization published ISO/IEC 30141, republished in 2024, which helps in the design of IoT ecosystems by providing best practices for authentication, data security, and network integrity [20]. Other standards related to cybersecurity in the IoT ecosystem are those representing the NIST 8259 series, developed by the NIST, and EN 303 645 [21], developed by the European Telecommunications Standards Institute.
Despite the existence of these standards, guidelines, and frameworks, IoT vulnerabilities are continuously present, and the spread of IoT increases the need for solutions.

1.3. Previous Reviews and Our Work

In recent years, organizations have intensified their efforts to regulate the IoT domain, while researchers have also demonstrated an increasing interest in identifying the most suitable frameworks to mitigate cyber threats and prevent potential attacks. Despite significant progress, a definitive solution has yet to be established, prompting ongoing research in this field.
To contribute to these efforts and provide a comprehensive guide to the theoretical foundations and existing vulnerabilities, this review systematically analyses recent advancements in IoT security. While numerous studies have already examined cybersecurity in IoT systems—some focusing on specific IoT domains, others addressing particular system vulnerabilities, and some evaluating the overall evolution of security research—our objective is to determine the added value that this review can bring to the field.
To achieve this, we conducted an extensive comparative analysis of review papers published in the past two years (2023–2024). Table 2 presents a structured comparison of these studies, utilizing the six key categories identified in our research: attack detection, data management and protection, securing identity management, communication and networking, emerging technologies, and risk management. The selection criteria for the reviewed studies prioritized thematic relevance and alignment with the core focus of our paper, ensuring a meaningful comparison of contributions within the IoT security landscape.
The comparative analysis presented in Table 2 highlights significant trends and gaps in recent IoT security reviews. A key observation is that while numerous studies have addressed specific aspects of IoT security, very few provide a comprehensive perspective encompassing all critical dimensions. In contrast, the present work systematically examines six fundamental security categories offering a holistic synthesis of challenges, advancements, and potential solutions.
One of the most striking findings is the lack of emphasis on risk management across existing reviews. Risk management plays a pivotal role in IoT security, influencing threat modeling, mitigation strategies, and resilience planning. However, as the table demonstrates, only one other review [43] explicitly considers this dimension. This underscores a significant research gap, which our work seeks to bridge by integrating a structured analysis of risk assessment frameworks and security assurance strategies within IoT ecosystems.
While emerging technologies such as Artificial Intelligence, Blockchain, Machine Learning, and Edge Computing are frequently referenced in the literature, their practical integration into IoT security frameworks remains underexplored or only partially addressed in most prior reviews. Existing studies often examine these technologies individually, rather than considering how they could be strategically integrated to enhance IoT security in a comprehensive manner. While our review does not propose a unified framework combining these technologies, it provides a systematic analysis of their applications, advantages, and limitations. By doing so, this work identifies key research gaps and highlights the need for future studies to explore how these technologies could be effectively combined into cohesive security architectures that better address IoT-specific challenges.
While some studies concentrate on specific IoT branches or device categories, allowing for a more in-depth analysis of their central topics, the present study adopts a broader perspective. It aims to provide a comprehensive overview of IoT security, encompassing its vulnerabilities, potential solutions, and existing challenges, to serve as both a starting point and a holistic perspective for researchers and practitioners.
This review seeks to offer a clear synthesis of IoT security challenges and solutions, serving as a foundational guide for developing resilient and secure IoT systems. Within this context, the study systematically analyses the primary security concerns in IoT environments, with its key contributions being the following:
  • Identification of critical security weaknesses frequently addressed in IoT research.
  • Examination of the specific difficulties involved in securing IoT devices.
  • Review and evaluation of existing solutions designed to mitigate IoT-related security risks.
  • Analysis of key trends, best practices, and emerging technologies, including Artificial Intelligence, Blockchain, Machine Learning, and Edge Computing, which are shaping the future of IoT security.
  • Emphasis on the need for robust and comprehensive security strategies to protect sensitive data and strengthen public trust in IoT technologies.
In contrast to previous reviews that concentrate on specific aspects of IoT security, this study offers a comprehensive evaluation of IoT security challenges, encompassing six critical categories. Additionally, our work integrates research conducted between 2021 and 2024, ensuring that the assessment is current and up-to-date with the latest security trends and advancements. By addressing these gaps, this review serves as a more comprehensive and actionable resource, supporting researchers and practitioners in designing secure and resilient IoT systems.

1.4. IoT Architectural Overview

The IoT infrastructure relies on a multitude of interconnected components distributed across various levels of the system, collectively forming its architecture [53]. While there is no universally standardized architecture for IoT systems, the three-layer architecture—comprising the application, network, and perception layers—is the most referenced in the reviewed studies (Figure 3).
Each of these layers performs distinct functions, enabled by specific tools and technologies. The Perception Layer operates directly with the physical world, gathering data from its environment and taking necessary actions. Devices at this level are designed for sensing, data collection, and direct interaction with the external environment when required [54]. Examples of devices in this category include sensors, actuators, and other resource-constrained devices [53].
At an architectural level, the performance of these resource-constrained devices could be optimised using switching controllers. Switching controllers are control systems designed to manage the operation of IoT devices by dynamically enabling or disabling specific functionalities based on the devices’ operational context. For instance, when a sensor is not actively collecting data (Deep Sleep Mode) [55], a switching controller can turn off or reduce the power to certain components, effectively conserving energy. This approach is particularly advantageous in IoT systems where devices are often deployed in remote or resource-limited environments and rely on batteries or intermittent energy sources. By using switching controllers, energy consumption can be minimised, device lifespan extended, and overall system efficiency improved [56]. Integrated on/off controllers can disconnect circuits entirely from power sources when not in use, further enhancing energy conservation.
Another strategy, which can also be used as a complementary one, is dynamic clock reconfiguration. It allows devices to adjust their clock frequency based on processing requirements, significantly reducing power usage during idle or low-activity periods [57].
These technologies are particularly beneficial in scenarios where large-scale IoT deployments require consistent performance while adhering to strict energy constraints.
The Network Layer ensures data transfer between the Perception Layer and the Application Layer. This layer encompasses gateway devices responsible for aggregating, storing, and directing data to cloud platforms. These devices facilitate communication with resource-constrained devices using low-power protocols while also interfacing with cloud servers via robust communication protocols [53]. Depending on the connected devices, coverage area, and data volume, various types of wireless networks can be employed to establish these connections [58]:
  • Cellular connections utilizing LPWAN, such as LTE-M and NB-IoT standards, as well as unlicensed solutions like LoRa and Sigfox;
  • Local and personal area networks, including Wi-Fi and Bluetooth;
  • Mesh protocols, with Zigbee and RFID being the most common.
The Application Layer delivers services to end-users via mobile and web applications. A common example is cloud platforms, which process collected data and present it to users through dashboards or control functions.

2. Research Methodology and Paper Structure

The methodology used in this review was designed to ensure a comprehensive, systematic, and reproducible evaluation of the literature on IoT security. It encompasses three key stages: identification, screening, and eligibility assessment, guided by the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) framework.

2.1. Selection of Article Sources

The articles underlying this review are open access, allowing interested parties to analyse them and, with their help, to find the best solutions for IoT security. The sources consulted were chosen based on their reputation, accessibility, and relevance to the field. The sources of articles were as follows:
  • MDPI, a robust platform that encourages scientific exchange and provides a vast database of articles, offering advanced search capabilities using keywords and topics;
  • IEEE Xplore, a comprehensive digital library providing access to a wide range of technical literature in engineering, computer science, and related fields;
  • Cornell University Arxiv, an open-access repository of preprints spanning multiple disciplines, including computer science and cybersecurity;
  • Informatics in Education, which provides access to educational and research-focused papers in informatics;
  • Elsevier, which provides a wide range of services, including access to a vast collection of academic journals, books, and research databases;
  • Springer, a platform that provides access to scholarly articles and books on a variety of topics, including advanced technologies and IoT security;
  • Other sources, including Nature, Informatics in Education, Acadlore, Migration Letters, and Sciendo, each providing valuable contributions to academic research, open-access publishing, and interdisciplinary studies across diverse fields.
These sources collectively ensure comprehensive coverage of the topic, allowing for a diverse range of perspectives and insights to be included in the review.

2.2. Search Method

In the MDPI database, the search bar was used to locate articles by title and keywords. The keywords employed included “IoT security”, “IoT systems”, “IoT communication”, “IoT vulnerabilities”, “IoT security risk management” and “6G network IoT”. This keyword-based search returned hundreds of articles that, to varying degrees, address the topic of security within the IoT ecosystem. To narrow down the results to the most relevant and up-to-date studies, a publication date filter was applied, restricting the selection to articles published between 2021 and 2025, mainly 2023–2024. Additionally, a subject-area filter was used, focusing on engineering, computer science, and mathematics.
This approach ensured the inclusion of recent, high-quality studies that align with the technical focus of this review while eliminating outdated or less relevant content.
When an article was identified as part of a specific issue, the entire issue was examined to uncover additional articles connected to the original topic. This approach aimed to deepen the exploration and identify alternative or complementary solutions. The categories of the selected articles from these issues are as follows:
  • Machine Learning for Cybersecurity: Threat Detection and Mitigation;
  • Network Security in Artificial Intelligence Systems;
  • Data Security Approaches for Autonomous Systems, IoT, and Smart Sensing Systems;
  • Advanced 5G and beyond Networks;
  • Key Enabling Technologies for Beyond 5G Network;
  • Advances in Internet of Things Technologies and Cybersecurity.
In the other sources, only the search bar was used, with the above-mentioned keywords supplemented by “Generative AI” and “Digital Identity”.

2.3. Articles Selection Method

2.3.1. Identification and Screening

In the identification stage of selection, articles were identified through a comprehensive search across the above-mentioned sources using predefined keywords related to IoT security. The initial dataset included 971 articles identified across all sources, which were documented in a Google Sheet for streamlined management. Duplicate records (23) were removed, resulting in 948 articles for screening. Titles and abstracts were reviewed to ensure relevance to IoT security, and articles addressing unrelated domains were excluded (501). The data extracted for each article included the title, keywords, abstract, conclusions, challenges, and proposed solutions. For reference management, the Mendeley application was used.

2.3.2. Eligibility

During the eligibility phase, 447 articles underwent a more detailed evaluation. Introductory sections, tables, diagrams, and conclusions were reviewed to ensure relevance. Articles were excluded if any of the following conditions applied:
  • The primary focus diverged from IoT security;
  • They were editorials, opinion pieces, or predominantly literature reviews without new solutions or insights;
  • They lacked a clearly defined or described solution, framework, or implementation related to IoT security.
Finally, 95 articles met the inclusion criteria and were included in the review. These articles presented original solutions to IoT-specific security challenges, with clear methodologies and rigorously supported findings.

2.3.3. Evaluation of Methodological Rigor

To enhance the evaluation of articles, a methodological rigor checklist was employed, assessing the following criteria:
  • Are the research objectives explicitly stated, well-defined, and aligned with IoT security challenges?
  • Are the chosen research methods appropriate for addressing the defined objectives? Do they follow established IoT security research frameworks?
  • Are the techniques sufficiently detailed, transparent, and reproducible? Are statistical analyses validated?
  • Does the study propose novel insights, frameworks, or technological advancements?
Only articles meeting these criteria were included in the final dataset.
The PRISMA flow diagram (Figure 4) shows the paper selection procedure.
The PRISMA flow chart illustrates the detailed selection procedure:
  • Identification—Articles were retrieved from MDPI (601 articles), Springer (72 articles), IEEE Xplore (65 articles), Elsevier (218 articles), Arxiv (5 articles), and other sources (10 articles);
  • Screening—Articles irrelevant to IoT security were excluded after title, keywords, abstract, and conclusion reviews;
  • Eligibility—Articles lacking methodological rigor or well-defined solutions were excluded during detailed analysis.
The iterative categorization process ensured that articles addressing multiple IoT vulnerabilities were allocated to all relevant categories for comprehensive coverage. This process refined the initial categories into six critical areas of IoT security: attack detection, data management, securing identity management, communication, emergent technologies, and risk management.
This methodological approach aimed to provide a robust foundation for synthesizing security challenges and solutions, ensuring that the findings of this review reflect the diversity and complexity of IoT security literature.
In Figure 5, the distribution of articles by their source can be observed.
The literature review in this study was primarily based on publications from MDPI due to its robust search engine, extensive journal collection, and rapidly updated database. These features facilitated efficient access to high-quality, peer-reviewed articles across a broad spectrum of topics relevant to IoT systems. While MDPI provided a reliable and comprehensive foundation for this review, we acknowledge the importance of diversifying sources to minimise potential biases and ensure a holistic representation of the field.
While Figure 5 highlights the distribution of IoT security articles based on their sources, it is equally important to examine how these publications are distributed across academic journals. Considering the substantial number of articles retrieved from the MDPI database, it was found necessary to include a chart illustrating the distribution of these articles across the various journals in which they were published. This perspective provides deeper insight into the scholarly focus and key contributors to the field of IoT security research. Figure 6 illustrates the breakdown of articles by journal, shedding light on which publications are at the forefront of disseminating knowledge in this rapidly evolving domain.
The following part of this paper is organized into four main sections. The first section identifies and categorizes the principal types of vulnerabilities discussed in the analysed literature, offering a comprehensive overview of IoT attack vectors. The second section explores the challenges associated with these vulnerabilities, examining proposed solutions such as frameworks, methodologies, and mechanisms for attack detection and prevention. Additionally, this section addresses strategies designed to secure sensitive user data and protect privacy, reflecting the increasing importance of safeguarding information in IoT ecosystems.
The discussion section highlights key areas of active research and identifies unresolved challenges that warrant future exploration. Finally, the conclusion synthesizes the key insights derived from this review and proposes potential future research directions for each identified category.

3. Category Identification and Analysis

Based on an analysis of the current state of the art in the articles covered by this review, Table 3 classifies these articles according to the methodology in the field of IoT systems. For each category, a subclassification of the issues targeted by the related articles was identified.

3.1. Attack Detection

With the spread of IoT devices, cyberattacks favored by the poor security of these devices have also increased [60]. The attacks can target different levels of the system, such as the sensor, network, support, or application level. They are intended to cause damage to the system or to gain unauthorized access to the system or its data [61,66]. The larger the area the system encompasses, the more damage these attacks can generate. Also, the rapid spread of the 5G network, thanks to the expansion of IoT systems and the increase in data volume, has enabled the development of innovative applications, but at the same time has led to an increase in network-level attacks [62,69]. To prevent these attacks, network-level intrusion detection systems have been developed that are capable of detecting anomalies in data transmission between devices [69,70]. Because IoT networks differ from traditional ones, advanced intrusion detection systems need to be developed. Most studies recommend the use of ML; however, this poses new challenges [66,73]. First, the models need to be trained, and here the lack of the necessary amount of data and the long training duration become obstacles [72]. Second, there is the problem of adapting the models to new conditions arising from new attack methods [65], together with detecting and adapting to concept drift.
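The adaptability problem described above can be seen in a few lines of code. The following is an added example, not taken from the reviewed studies or from the authors: it uses a simple statistical detector as a stand-in for the ML models the studies propose, and compares a baseline that is learned once with one that re-baselines when a deviation persists. The class names, thresholds and the per-minute packet counts are assumptions constructed for illustration.

```python
from collections import deque
from statistics import fmean, pstdev


class StaticDetector:
    """Baseline learned once from training data and never updated."""

    def __init__(self, training, k=4.0, min_std=1.0):
        self.mean = fmean(training)
        self.limit = k * max(pstdev(training), min_std)

    def observe(self, x):
        return "alert" if abs(x - self.mean) > self.limit else "ok"


class AdaptiveDetector:
    """Sliding-window baseline with a persistence-based re-baselining rule.

    Flagged samples never enter the baseline directly. If `persist`
    consecutive flagged samples are mutually consistent, the change is
    treated as concept drift and they become the new baseline.
    Persistence alone cannot tell a legitimate change from a sustained
    anomaly, so every "drift" result should be logged for operator review.
    """

    def __init__(self, training, window=30, k=4.0, min_std=1.0,
                 persist=10, rel_spread=0.10):
        self.window, self.k, self.min_std = window, k, min_std
        self.rel_spread = rel_spread
        self.baseline = deque(training, maxlen=window)
        self.pending = deque(maxlen=persist)

    def _pending_is_stable(self):
        spread = max(self.pending) - min(self.pending)
        return spread <= self.rel_spread * fmean(self.pending)

    def observe(self, x):
        mean = fmean(self.baseline)
        limit = self.k * max(pstdev(self.baseline), self.min_std)
        if abs(x - mean) <= limit:
            self.baseline.append(x)      # normal sample: slide the window
            self.pending.clear()
            return "ok"
        self.pending.append(x)
        full = len(self.pending) == self.pending.maxlen
        if full and self._pending_is_stable():
            self.baseline = deque(self.pending, maxlen=self.window)
            self.pending.clear()
            return "drift"
        return "alert"


def constructed_traffic():
    """Constructed packets-per-minute series for one device (not real data).

    t < 60: about 100 pkt/min; t >= 60: about 160 pkt/min after a
    legitimate reconfiguration. Two short bursts are injected as anomalies.
    """
    jitter = [-2, -1, 0, 1, 2]
    series = [(100 if t < 60 else 160) + jitter[t % 5] for t in range(120)]
    for t in (40, 41, 42):
        series[t] = 400
    for t in (100, 101, 102):
        series[t] = 600
    return series


def run(detector, series, start):
    """Feed series[start:] to the detector; return indices per label."""
    result = {"ok": [], "alert": [], "drift": []}
    for t in range(start, len(series)):
        result[detector.observe(series[t])].append(t)
    return result


def compare():
    series = constructed_traffic()
    training = series[:30]
    return (run(StaticDetector(training), series, 30),
            run(AdaptiveDetector(training), series, 30))


if __name__ == "__main__":
    static, adaptive = compare()
    print("static alerts:  ", len(static["alert"]))
    print("adaptive alerts:", len(adaptive["alert"]), "drift at", adaptive["drift"])
```

Both detectors flag the two injected bursts, but the static one keeps alerting on every sample after the traffic level changes, while the adaptive one raises a single drift event and then resumes normal operation.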
One specific type of cyberattack explored in the selected articles is those initiated by botnet armies. These botnets exploit the vulnerabilities of smart devices connected to IoT systems, which users often neglect to secure properly [61,77]. Unlike traditional Internet-connected devices such as computers or smartphones, which typically benefit from robust security measures, smart home appliances are frequently overlooked, despite their internet connectivity and inherent risk exposure.
Although botnet detection solutions exist outside of IoT ecosystems, their effectiveness significantly diminishes within IoT environments [61,63,76,77,78]. Among the attacks facilitated or intensified by these botnets, Distributed Denial of Service attacks stand out as a prominent threat [59,75]. Figure 7 shows typical DDoS attack components using botnets, managed by a botmaster.

3.2. Data Management and Protection

This category includes studies on the management and protection of data in IoT systems, highlighting the vulnerabilities that can arise in data storage and transfer. This is a critical topic given the huge amount of data collected, stored, processed and transmitted within the system. The IoT also changes the way data is accessed: previously, users received data from a specialised service, whereas in IoT they can communicate directly with sensors, obtaining data directly and also transmitting instructions to devices [92]. In this context, there is an increasing need to ensure a seamless data flow, while at the same time ensuring data privacy through secure, efficient, and scalable identity management [92].
The problem of ensuring trust management, data confidentiality, and integrity arises in the deployment of IoT systems in domains such as the medical and automotive industries, as well as in the financial sector, where critical decisions are made based on the data provided by the system [84]. Blockchain technology [84,85,86] is attracting interest because of the security features it can bring when incorporated into IoT systems, but scalability and interoperability remain issues.
Due to the Internet connectivity of IoT devices that have access to personal data, problems related to the digital identity of users arise, such as unauthorised access to data or identity forgery [87,88,91]. There is, thus, a need to develop advanced identity systems capable of reducing unauthorised access.
There is a trend to use Generative AI within the IoT ecosystem to make it more efficient, but this integration leads to new vulnerabilities and risks [89,143]. Due to the large volume of data handled by Generative AI technology, poor system protection can lead to data privacy breaches and damage data integrity. Also, the generation process itself may contain risks of information leakage [90].

3.3. Securing Identity Management

Identity security management is a critical component of data protection in IoT environments, primarily focusing on authenticating entities involved in data transfer and granting them the necessary authorization [98]. This process is essential to restrict access to sensitive information exclusively to authorized users and devices, thereby mitigating risks of unauthorized access and security breaches [99,100].
Device identification involves recognizing and categorizing devices connected to the network by analysing their distinctive attributes derived from data traffic [73]. Traditional methods for device identification face challenges in terms of adaptability to newly connected devices and are prone to errors. Emerging solutions leverage blockchain technology, but these approaches present limitations, including the potential exposure of sensitive metadata, which could compromise user privacy [85], and the challenge of achieving scalability while maintaining data security [97]. Relying on centralized servers for authentication introduces vulnerabilities such as a single point of failure [96].
Traditional user authentication methods, such as credentials, certificates, and 2FA, can pose challenges in an IoT system due to the limited resources and capabilities of the devices [106,107]. Furthermore, vulnerabilities arising from poor identity management can be exploited in this context, given the specific characteristics of devices connected to the system.
Studies [101,102,103] highlight the importance of secure communication and controlled access to stored data. Currently, these processes are often managed through PKI [104,105]. While PKI has been an effective standard for securing communication in traditional systems, emerging challenges in the context of large-scale IoT suggest that it may struggle to meet increasingly complex requirements. Moreover, there is no well-defined protocol for efficiently transferring trust or updating PKI credentials when the responsibility for device maintenance transitions from one service provider to another [104,105].
Key issues include the high costs associated with implementing and maintaining a PKI system, as well as its substantial resource requirements, which can pose significant obstacles for organizations aiming to deploy large-scale IoT solutions [104,105]. Another notable concern is the risk of a single point of failure, where the entire responsibility for access authorization relies on the PKI infrastructure [101,102,103]. This means that if the PKI infrastructure is compromised or becomes inoperative, the entire security framework of the IoT network could be severely impacted.
The adoption of digital identities introduces additional challenges. For instance, study [87] draws attention to issues in the medical field related to identity management. Digital identities have proven insufficient for accurately identifying patients, with a lack of system integration and limited scalability further complicating the situation. Study [88] examines the limitations of blockchain-based digital identities in terms of authenticity and controllability while also addressing privacy requirements. Challenges also arise in establishing a trusted network and coordinating digital identity management [91].

3.4. Communication and Networking

To develop a massive IoT ecosystem, it is essential to ensure secure communication and scalable networks that meet security and performance requirements [72] in the context of a large number of devices with limited resources [119,120,121]. The creation of such networks requires the implementation of specific protocols, each tailored to the scope of the IoT system in question. These protocols are fundamental to guarantee the integrity, confidentiality and availability of data transmitted between devices. They impose security measures that are essential to cope with cyberattacks, such as DDoS attacks, communication eavesdropping, or man-in-the-middle attacks [125].
Firmware plays a crucial role in the communication within an IoT ecosystem, as it directly affects how devices connect, communicate, and interact with the system. Consequently, network-level security must be analysed with consideration of potential firmware vulnerabilities. Paper [124] highlights this aspect by reviewing studies that focus on addressing these vulnerabilities.
As previously mentioned, the introduction of 5G networks has brought a series of vulnerabilities, partly due to its specific features and partly because of device limitations [62]. Its potential successor, the 6G network, is continuously undergoing tests and studies. The integration of AI technology with 6G in IoT systems offers significant opportunities but also introduces new challenges, particularly with the anticipated increase in the number of connected devices and the volume of data transmitted [123]. This growth necessitates optimising energy consumption and resource allocation to meet performance requirements [122].

3.5. Emergent Technologies

The integration of artificial intelligence and machine learning into IoT systems significantly enhances cognitive capabilities [78,85,89,90,123,141] and offers a promising approach for detecting and mitigating cyberattacks in IoT environments [62,76]. The reviewed articles include studies focused on ML algorithms [35,59,62,65,73,75,137,138,139]; others exploring deep learning through the use of neural networks [70,72]; and some examining ML training techniques such as transfer learning, federated learning, and split learning [71,77,102,140]. However, implementing these technologies introduces new challenges due to the nature of connected devices, the substantial resource demands required for their deployment, and the time-intensive process of model training. Additionally, adapting these models to real-time conditions remains a significant difficulty.
A significant number of studies also address blockchain technology in IoT systems. Owing to its data immutability, decentralisation, and transparency [84,86,87,88,91,92,96,102,138], blockchain has become a point of interest for securing IoT systems. It provides a decentralised network that eliminates the single point of control, which makes attacks on the system much more difficult [31]. Challenges arise from the heterogeneity of devices, which use different communication protocols, rely on other technologies, and still need to connect to the blockchain. Response delays introduced by transaction confirmation in blockchain are a further drawback.
To address the need for processing large volumes of data from diverse devices, edge computing has emerged as a solution to enhance computational performance in IoT systems [69,119,121]. This approach involves positioning computational resources closer to the data source at the network’s edge [123]. Additionally, edge computing can be integrated with fog computing to facilitate IoT interoperability with Cloud technology [64]. However, incorporating these technologies into IoT systems introduces new security challenges, particularly when compromised devices launch attacks targeting fog layer services.

3.6. Risk Management

Risk management in IoT systems plays a critical role in assessing and addressing cyber risks that could impact the system. Several types of risks can be identified, including those related to IoT ethics, data security and privacy risks, and technical risks [145]. The complexity of IoT systems poses significant challenges in analysing and identifying these risks [147]. Human involvement, the diversity of IoT application domains, and IoT-specific cybersecurity challenges add further difficulties to the risk management process [146]. Additional challenges include the lack of robust management strategies, the absence of standardised IoT security measures, and a reactive approach to developing strategies in response to attacks rather than adopting a proactive stance [148].

4. Identified Challenges and Solutions

4.1. Attack Detection

An essential step in securing the IoT ecosystem lies in the detection of attacks. IoT network security specialists are focused on developing the most effective methods for detecting and preventing cyberattacks, aiming to mitigate their impact on critical infrastructures as well as on sensitive data. While numerous solutions have been proposed and analysed to address the current challenges in IoT security, these approaches are not without vulnerabilities. What follows is an overview of recent proposals put forth by researchers to enhance security within IoT systems.

4.1.1. Intrusion and Anomaly Detection and Concept Drift Detection and Adaption

To protect IoT infrastructures, it is essential to employ two major categories of systems: Intrusion Detection Systems and Intrusion Prevention Systems [60]. The study in [60] focuses specifically on developing an anomaly detection system, analysing various detection techniques within IoT ecosystems while identifying several challenges and limitations of current methods. To address these challenges, the authors propose integrating Incremental Learning, Transfer Learning, and Deep Learning techniques to develop scalable detection models capable of continuous updates, enhancing system performance, and reducing costs and resource requirements. These models can also adapt to contextual changes, a phenomenon known as concept drift.
Another approach to developing an efficient detection system is presented in [62], where the authors examine detection methods used in IoT, including signature-based recognition, anomaly-based detection, hybrid methods, and collaborative approaches among IoT devices. They also draw comparisons between their strengths and weaknesses. Collaborative methods are further explored in [66] to ensure information availability during an attack. This approach relies on secondary devices supporting primary devices in case of an attack, ensuring the continuity of critical information delivery to users. By employing redundancy and cooperation among devices, this strategy enhances the system’s resilience and availability in attack scenarios.
The effectiveness of modern methods based on emerging technologies is also highlighted in [62], which discusses the development of detection systems based on Deep Learning. This technique has proven highly effective in detecting attacks within 5G networks. Using deep learning, intrusion detection pipelines have been created to leverage powerful algorithms capable of identifying and mitigating security threats in real time [69].
An adaptive and high-performing IDS was implemented in the context of electric vehicle charging stations using neural network architectures that combined LSTM and GRU models [70].
One challenge in implementing IDS systems is the prevalence of false-positive alarms. To address this issue and improve classification accuracy, TL and the CBAM [71] can be used. These techniques, through the utilization of channel and spatial attention, refine feature maps for greater precision.
In anomaly detection systems, careful consideration must be given to the selection of the network architecture, as it is a key factor in achieving more effective anomaly detection. This was demonstrated in [72,74] where two architectures, EPA and MUD, were compared. The authors showed the superior performance of EPA over MUD. While MUD focuses solely on stateless communication states, EPA provides a comprehensive evaluation of all communication states, offering more detailed analysis for anomaly detection.
Further advancements are presented in a Deep Learning-based IDS for IoT devices, capable of detecting diverse attack types, including Blackhole, DDoS, Sinkhole, and Wormhole attacks. The system employs a four-layer deep Fully Connected (FC) network architecture, making it communication protocol-independent and reducing deployment complexity [83].

4.1.2. DDoS Attacks

The reviewed articles highlight a strong interest in addressing specific cyberattacks that can cause significant damage. For instance, study [64] proposes a tailored solution for detecting DDoS attacks, considering the phenomenon of concept drift. The solution involves an adaptive online framework capable of adjusting its performance in real-time based on changes in the network environment. Concept drift detection is achieved using ADWIN and DDM methods, while learning capabilities are enhanced through ARF, SRPs, and KNN methods.
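The detect-then-adapt loop described above can be illustrated with the DDM rule, which raises a warning when the running error rate exceeds its best observed level by two standard deviations and signals drift at three. This is an added example, not code from [64]; the packets-per-second threshold detector, the constructed traffic values and all function names are assumptions.

```python
from math import inf, sqrt


class DDM:
    """Drift Detection Method over a stream of 0/1 prediction errors."""

    def __init__(self, min_samples=30, warn_level=2.0, drift_level=3.0):
        self.min_samples = min_samples
        self.warn_level = warn_level
        self.drift_level = drift_level
        self.reset()

    def reset(self):
        self.n = 0
        self.errors = 0
        self.p_min = inf
        self.s_min = inf

    def update(self, error):
        """Feed one outcome; return 'stable', 'warning' or 'drift'."""
        self.n += 1
        self.errors += int(error)
        p = self.errors / self.n              # running error rate
        s = sqrt(p * (1.0 - p) / self.n)      # its standard deviation
        if self.n < self.min_samples:
            return "stable"
        if p + s <= self.p_min + self.s_min:  # best operating point so far
            self.p_min, self.s_min = p, s
        if p + s > self.p_min + self.drift_level * self.s_min:
            return "drift"
        if p + s > self.p_min + self.warn_level * self.s_min:
            return "warning"
        return "stable"


def constructed_stream(n=800, change_at=500):
    """Constructed flows as (packets_per_second, is_attack).

    Every 4th flow is a flood, every 10th a benign burst. After change_at the
    benign baseline and the flood rate both rise (the concept drift).
    """
    for i in range(1, n + 1):
        drifted = i > change_at
        if i % 4 == 1:
            yield (2000 if drifted else 900), True
        elif i % 10 == 0:
            yield 600, False
        else:
            yield (500 if drifted else 120), False


def run_adaptive_detector(stream, threshold=450.0):
    """Test-then-train loop: classify, feed the error to DDM, refit on drift."""
    ddm = DDM()
    buffer = []                  # labelled flows seen since the warning level
    first_warning = None
    drifts = []
    errors_since_last_drift = 0
    for i, (pps, is_attack) in enumerate(stream, start=1):
        error = (pps > threshold) != is_attack
        errors_since_last_drift += int(error)
        state = ddm.update(error)
        if state == "stable":
            buffer.clear()
            continue
        buffer.append((pps, is_attack))
        if first_warning is None:
            first_warning = i
        if state == "drift":
            benign = [x for x, attack in buffer if not attack]
            floods = [x for x, attack in buffer if attack]
            if benign and floods:    # refit only on post-warning traffic
                threshold = (max(benign) + min(floods)) / 2
            drifts.append(i)
            errors_since_last_drift = 0
            ddm.reset()
            buffer.clear()
    return {"first_warning": first_warning, "drifts": drifts,
            "threshold": threshold,
            "errors_since_last_drift": errors_since_last_drift}


if __name__ == "__main__":
    print(run_adaptive_detector(constructed_stream()))
```

Refitting only on the flows buffered since the warning level keeps pre-drift traffic out of the new decision boundary.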
One significant challenge in developing an effective framework for detecting DDoS and Botnet attacks is the imbalanced nature and limited availability of data for accurately simulating such attacks. The scarcity of comprehensive real-world datasets constrains the ability to train robust and generalizable detection models. Moreover, many traditional detection solutions rely on unlabeled or untrustworthy datasets, which can degrade model performance, particularly when faced with zero-day threats [75]. To address this limitation, studies [59,75] proposed leveraging Conditional Tabular Generative Adversarial Networks (CTGAN) to generate synthetic data that closely mimics real-world traffic patterns. This approach not only enriches the training datasets but also incorporates a discriminator framework, which enhances the system’s capability to accurately distinguish between legitimate and malicious traffic, thereby improving the overall effectiveness of the detection mechanism.
To address the class imbalance issue, researchers [79] have explored the use of ensemble learning techniques, such as the Bagging classifier, which employs a deep neural network as a base estimator. By incorporating class weights into the training process, this method ensures the creation of balanced training subsets for the DNN, improving both the coherence and effectiveness of intrusion detection and classification systems.
In [35], a solution is proposed for detecting DDoS attacks in Information-Centric Networking for IoT networks using machine learning algorithms such as SVM, RF, and KNN. However, the best results were obtained by applying DT and RF classifiers [65] trained on features selected using GA.
Feature extraction was further improved by converting non-image data into image data through deep learning techniques, particularly VGG16 and Inception [71,72]. The Inception technique, specifically the TCN model within the Inception structure, is proposed in [73] for identifying devices connecting to the network. This method focuses on packet feature extraction, feature selection, and, ultimately, extracting the temporal characteristics of the packets.
To address the challenges associated with IoT devices’ limited computational resources and storage capacities, a lightweight and efficient intrusion detection method has been proposed [82]. This solution incorporates a fast protocol parsing approach on raw packet capture files to generate semantic-level features, followed by session merging and feature grouping techniques to improve detection accuracy. These characteristics make it an efficient, extensible, and suitable approach for IoT intrusion detection in resource-constrained environments.

4.1.3. Botnet

As IoT systems proliferate, the risk of botnet-driven attacks also increases. The study in [63] examines traditional attack detection methods, which, despite their high resource consumption, are effective in identifying attacks generated by IoT-based botnets. Such approaches can serve as a valid starting point for developing new detection and prevention techniques.
To address the limitations of traditional methods in the IoT context, a botnet attack mitigation framework called IMTIBot was developed [61]. This framework segregates network traffic into normal and abnormal categories and leverages ensemble learning classifiers, combining multiple machine learning models to enhance detection accuracy. Another innovative solution is the strategic amalgamation of Hybrid Feature Selection methods—Categorical Analysis, Mutual Information, and Principal Component Analysis—with an ensemble of machine learning techniques [81]. This approach refines the input space for ensemble learners, with Extra Trees as the primary technique.
Paper [76] introduces BotStop, a machine learning-based framework for detecting botnet activity in IoT devices through the analysis of individual network packet features. The approach emphasizes the selection of a minimal set of seven essential features.
Another botnet attack detection framework is proposed by [78]. This study presents a lightweight deep learning approach for detecting five types of botnet attacks—DoS, DDoS, fuzzing, Boofuzz, OS fingerprinting, and port scanning—in IoT networks. The proposed model, designed with a streamlined architecture featuring four convolutional layers and global average pooling, achieves high classification performance with minimal computational and memory requirements. The approach eliminates the need for extensive feature engineering, providing an efficient and scalable solution for real-time botnet detection.
A novel optimisation-based solution addresses the persistent challenge of low detection accuracy in IoT botnet detection [80]. By improving the initial population generation strategy of the Dung Beetle Optimiser (DBO) with a centroid opposition-based learning approach, this method optimises Catboost parameters for enhanced detection performance.
Article [77] proposes a decentralized model for mitigating DDoS attacks in corporate local networks by integrating Host Intrusion Detection Systems (HIDS) and Network Intrusion Detection Systems (NIDS) with federated learning. Deployed within a fog computing infrastructure, the model enables real-time detection and mitigation of malicious traffic while preserving privacy and reducing the risk of a single point of failure.

4.1.4. Eavesdropping Attacks

The studies [66,67] address the issue of eavesdropping, a challenge that has received relatively little attention in specialised literature. The collaborative method described in [67] ensures signal accuracy for devices within the network while simultaneously disrupting signals to devices attempting unauthorised interception of messages.
In [67], a BP neural network model is proposed for detecting eavesdropping attacks in environments with a low signal-to-noise ratio. Meanwhile, study [68] highlights infrared communication and the risk of “listening” to signals emitted by remote controls. To prevent data theft in this context, the authors propose an encryption method that regenerates keys each time the remote control’s power button is pressed.
Table 4 provides an overview of the key challenges and solutions in attack detection, emphasizing the main issues and proposed strategies to mitigate them.

4.2. Data Management and Protection

In the domain of data management and protection, the primary challenges revolve around device and user authorization, ensuring data integrity, and maintaining data confidentiality. Effective solutions must address the verification of identities to prevent unauthorised access, protect data from unauthorised modifications to guarantee its accuracy, and implement robust encryption mechanisms to safeguard sensitive information from breaches and interception.

4.2.1. Data Security and Privacy

Building on the Hyperledger Fabric framework, the authors of [84] propose an innovative concept based on the idea of Blockchain as a Service (BaaS) for securing and protecting data. This integration is achieved through a novel architecture combined with an encrypted data structure utilising public and private keys, offering a high level of security for data management.
Conversely, study [92] introduces a blockchain-based platform that leverages smart contracts to enhance data protection. This solution builds upon a three-tier architecture with the addition of a new layer called the Blockchain Composite Layer. This extra layer improves functionality and security, enabling decentralised and automated management of transactions and data. To increase trust in transactions within Ethereum-based blockchain frameworks, study [85] proposes introducing a legitimacy rating mechanism through a consensus method and a decentralised proof matrix. Cloud environment security is further enhanced using neural networks for anomaly prediction, providing an additional layer of protection against emerging threats.
Expanding on these approaches, study [93] proposes a lightweight group management model for IoT networks using Hyperledger Fabric, aimed at improving data security. It utilizes group keys to ensure that only authorized users within a group can access sensitive data, thereby reducing the risk of information leakage. To address the overhead of rekeying in resource-constrained IoT devices, the model introduces a trusted agent for efficient key distribution. This approach enhances network lifetime, reduces storage costs, and improves processing time compared to existing methods.
The study in [86] emphasises cloud data security, proposing blockchain technology combined with a distributed agent model as a solution. Files are assigned a unique hash value generated using a Merkle hash tree, enabling continuous monitoring to verify their integrity. In case of discrepancies, real-time alerts are sent to the file owners.
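As an added illustration of the Merkle-tree integrity check (not the implementation of [86]), the code below registers a file's Merkle root, re-audits the file, reports which chunks changed, and verifies a single chunk against the root. The chunk size, the leaf/node hash prefixes, the locally kept leaf list and the sample record are assumptions.

```python
import hashlib
import hmac

LEAF, NODE = b"\x00", b"\x01"   # domain separation: a leaf never parses as an inner node

# Constructed sample record and a same-length tampered copy
ORIGINAL = b"temp=21.5;hum=40;door=closed;fw=1.0.3"
TAMPERED = b"temp=21.5;hum=40;door=opened;fw=1.0.3"


def _h(prefix, data):
    return hashlib.sha256(prefix + data).digest()


def leaf_hashes(data, chunk_size=8):
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)] or [b""]
    return [_h(LEAF, c) for c in chunks]


def build_levels(leaves):
    """Return every tree level, leaves first and the root level last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [_h(NODE, cur[i] + cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])   # promote the unpaired node instead of duplicating it
        levels.append(nxt)
    return levels


def register(data, chunk_size=8):
    """Baseline record: the root is what would be anchored on the ledger."""
    leaves = leaf_hashes(data, chunk_size)
    return {"root": build_levels(leaves)[-1][0], "leaves": leaves,
            "chunk_size": chunk_size}


def audit(baseline, data):
    """Return the indices of chunks that differ from the baseline ([] if intact)."""
    leaves = leaf_hashes(data, baseline["chunk_size"])
    if hmac.compare_digest(build_levels(leaves)[-1][0], baseline["root"]):
        return []
    old = baseline["leaves"]
    span = max(len(old), len(leaves))
    return [i for i in range(span)
            if i >= len(old) or i >= len(leaves) or old[i] != leaves[i]]


def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_left) pairs."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):          # a promoted node has no sibling here
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_chunk(chunk, proof, root):
    """Check one chunk against the anchored root without the rest of the file."""
    node = _h(LEAF, chunk)
    for sibling, sibling_is_left in proof:
        node = _h(NODE, sibling + node) if sibling_is_left else _h(NODE, node + sibling)
    return hmac.compare_digest(node, root)


if __name__ == "__main__":
    baseline = register(ORIGINAL)
    changed = audit(baseline, TAMPERED)
    if changed:
        print("ALERT: chunks modified:", changed)
```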
Extending these approaches, study [94] introduces an innovative integration of lightweight blockchain technology within IoT systems designed to mitigate the computational overhead typically associated with conventional blockchain implementations. This integration not only streamlines the implementation process but also reduces overall complexity. Furthermore, the incorporation of the Okamoto–Uchiyama encryption algorithm significantly bolsters data privacy. As a result, the proposed framework establishes a secure, decentralized platform for the storage and analysis of sensitive supply chain data, allowing decentralized applications to perform computations on encrypted data while ensuring data confidentiality.
Study [95] presents a multi-dimensional chaotic encryption scheme to enhance data security in IoT systems. By leveraging fixed-point operations, it minimises computational overhead and power consumption, making it suitable for resource-constrained environments. A chaotic dynamic analysis scheme improves system evaluation, while a multi-dimensional encryption method enhances sequence randomness, strengthening cryptographic resilience. This adaptable framework enables optimised security configurations based on data sensitivity and real-time demands, reinforcing privacy and secure data transmission in decentralized IoT networks.

4.2.2. Digital Identity and Identity-Based Encryption

The study in [86] highlights the role of blockchain technology in securing digital identity through decentralised identity solutions, consent management, and lifecycle management to ensure relevance and accuracy. Blockchain technology also addresses challenges such as scalability and unauthorised access.
In blockchain-based digital identity systems, proposed solutions for enhancing data security include separating identity verification from credential issuance, utilising linkable ring signatures to protect the verifier’s identity, employing cryptographic methods for revocation to maintain privacy, and leveraging smart contracts for system management and auditability [88].
Another blockchain-based solution is proposed in [91], featuring high-resistance dynamic encryption, encrypted SSL-VPN channels, and dynamic key mechanisms. The proposed system emphasises anonymous authentication, robust security classifications, and access controls to prevent unauthorised data access and brute-force attacks.

4.2.3. Generative AI

Protecting data privacy and integrity in the context of the proliferation of Generative AI is crucial. In this regard, the authors of [89,90] propose a multi-faceted approach that includes techniques such as encryption, anonymization, access control, continuous monitoring, protocol development, multi-layered security mechanisms, and AI-powered safeguards.
Federated Learning combined with partial training can protect privacy in machine learning applications within IoT systems [90]. In this approach, IoT devices train smaller sub-models based on a large model hosted on a cloud server, and the server aggregates these sub-models to update the global model. TEEs are employed to secure sensitive user data, protecting it from external threats before it is sent to generative models for inference.
Table 5 summarises the key challenges and solutions in data management and protection, highlighting the main issues and proposed strategies to address them.

4.3. Securing Identity Management

Identity security management in IoT addresses key issues such as authentication, authorization and identity management of connected devices. Researchers are exploring and developing new protocols, technologies, and frameworks to ensure secure interactions in the IoT ecosystem, given the limited resources and vulnerability of devices.

4.3.1. Device Identification

Paper [73] proposes a device identification scheme based on extracting time series characteristics of data packets, which are subsequently used as unique fingerprints of the devices. Another approach, presented in [101], involves using the wireless channel state characteristics of devices for identification. Although wireless channels can be unstable, this drawback is compensated for by using a locally sensitive hashing algorithm, which improves the stability and accuracy of the identification. An alternative method, based on Paillier homomorphic encryption, is described in [100]; it allows device identity to be verified without decrypting the message, an efficient approach to preserving privacy.
Adding to these advancements, study [108] introduces a mutual authentication protocol that integrates Physically Unclonable Functions (PUFs) as a hardware-based security measure. This approach replaces static secret keys with dynamic responses derived from the physical characteristics of devices, ensuring enhanced resistance to physical and cloning attacks. To address the inherent noise in PUF outputs, a Fuzzy Extractor (FE) is employed for consistent cryptographic key generation. Further, study [109] refines the use of PUFs by proposing a lightweight authentication scheme that leverages geometric threshold secret-sharing to avoid explicit storage of challenge-response pairs. This design mitigates risks such as side-channel and machine-learning attacks while maintaining computational efficiency, making it well-suited for resource-constrained IoT environments. Study [112] proposed a Firmware-Secure Multi-Factor Authentication to enhance both the physical and software security of IoT devices. FSMFA integrates PUFs with firmware integrity verification to enable mutual authentication and secure key negotiation between devices and servers. Additionally, it incorporates a challenge-response mechanism and a secure firmware update scheme to ensure security throughout the device lifecycle.
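The fuzzy-extractor step mentioned above can be shown with a code-offset construction over a repetition code, which turns a noisy response into a stable key that then answers a challenge. This is an added example, not the protocol of [108]; the simulated PUF response, the 5-bit repetition code, the HMAC challenge and all names are assumptions.

```python
import hashlib
import hmac
import secrets

REP = 5   # repetition factor: corrects up to 2 flipped bits per 5-bit block


def constructed_response(n_bits=320):
    """Constructed stand-in for a PUF response (a real one comes from the device)."""
    stream = b"".join(hashlib.sha256(b"constructed-puf-%d" % i).digest()
                      for i in range(2))
    bits = [(byte >> k) & 1 for byte in stream for k in range(8)]
    return bits[:n_bits]


def flip(bits, positions):
    """Simulate measurement noise by inverting the bits at the given positions."""
    noisy = list(bits)
    for pos in positions:
        noisy[pos] ^= 1
    return noisy


def _encode(key_bits):
    return [b for b in key_bits for _ in range(REP)]


def _decode(code_bits):
    # Majority vote inside each block removes up to REP // 2 bit errors.
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def _derive(key_bits):
    return hashlib.sha256(bytes(key_bits)).digest()


def enroll(response):
    """Gen step: mask a random secret's codeword with the reference response.

    Returns (key, helper). The helper data is public by design and is stored
    in place of the key itself.
    """
    if len(response) % REP:
        raise ValueError("response length must be a multiple of REP")
    secret = [secrets.randbits(1) for _ in range(len(response) // REP)]
    helper = [r ^ c for r, c in zip(response, _encode(secret))]
    return _derive(secret), helper


def reproduce(noisy_response, helper):
    """Rep step: unmask with a fresh noisy reading, then error-correct."""
    code = [r ^ h for r, h in zip(noisy_response, helper)]
    return _derive(_decode(code))


def device_answer(nonce, noisy_response, helper):
    """Device side: regenerate the key on demand and MAC the verifier's nonce."""
    key = reproduce(noisy_response, helper)
    return hmac.new(key, nonce, hashlib.sha256).digest()


def verifier_accepts(enrolled_key, nonce, answer):
    """Verifier side (simplified: it holds the key derived at enrollment)."""
    expected = hmac.new(enrolled_key, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, answer)


if __name__ == "__main__":
    reference = constructed_response()
    key, helper = enroll(reference)
    reading = flip(reference, [0, 1, 7, 13, 14, 300])   # at most 2 flips per block
    nonce = secrets.token_bytes(16)
    print("accepted:", verifier_accepts(key, nonce, device_answer(nonce, reading, helper)))
```

A reading with three or more flipped bits in one block decodes to a different key, so the error-correcting code has to be sized to the measured noise of the PUF.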
To address vulnerabilities in traditional PUF-based schemes, a quantum-safe authentication method is proposed [113], utilizing CRYSTALS-Kyber homomorphic encryption and a two-server model to secure PUF responses without helper data. Complementing these methods, study [118] underscores the critical IoT security challenges—such as weak password enforcement, unencrypted communications, and physical sensor tampering—and reinforces the benefits of a PUF and lightweight encryption technique-based solution for energy-constrained devices.
Expanding on these approaches, study [110] introduces a blockchain-based IoT framework that integrates advanced computational methods for secure device identification and authentication in digital healthcare systems. By utilizing a hybrid predictive model combining CNNs and GRUs, this system extracts complex patterns and critical directional features from IoT-generated data. Coupled with the Jellyfish Search Optimisation (JSO) algorithm for feature selection and the Twofish encryption algorithm for data protection, the framework ensures both robust device identification and secure data management.
On the other hand, the paper in [102] proposes a multi-layered solution for securely distributing data to users in IoT networks based on blockchain technology. This solution manages authentication, key, and message exchange in a decentralised and secure way. The framework uses the ACE protocol for data encryption, ensuring robust protection of information transmitted between devices and users.
To prevent attacks and ensure the authenticity and integrity of data, study [107] proposes a framework based on Bloom filters and hash chains. This system could serve as a viable solution in the context of an increasingly complex IoT ecosystem, providing enhanced protection against cyberattacks and ensuring a secure and efficient data flow.
Digital identity, as a method of representing devices within the IoT ecosystem, is discussed in works [87,88,91,96]. Despite the advantages of blockchain-based digital identity systems, they have several drawbacks, such as issues with identity authenticity, controllability, and privacy protection [88,96]. The study in [87] provides an overview of the challenges and solutions in the medical field. To address these weaknesses, works [88,96] propose a system where the roles of identity verification and credential issuance are separated to reduce the risk of identity-related information leakage. Privacy is enhanced by linkable ring signatures, zero-knowledge proof encryption techniques, and AES. Using a similar approach, the authors of [88,96] developed a Multi-Factor Authentication method utilising blockchain and zero-knowledge proofs. They address weaknesses such as single points of failure and privacy vulnerabilities in blockchain technology through a DAM. Part of the proposed MFA process also includes using NFTs as authentication tokens.
The paper in [91] identifies several dimensions of digital identity characteristics for users. It proposes a collaborative framework between governmental institutions and non-governmental blockchain alliances, based on a delegated model, as well as a zero-trust model for digital identity management and big data security.

4.3.2. Authentication

A new framework proposed in [97], based on edge computing and blockchain, explores the use of Ethereum Layer 2 roll-ups to enhance scalability and reduce bottlenecks in the device authentication process. This approach could alleviate the pressure on authentication systems and enable more efficient resource management, given the exponential growth in the number of connected devices. At the same time, study [85] introduces an Ethereum-based mechanism that ensures data security through a unique legitimacy score, applicable both at the device level and at the cloud level.
Regarding authentication, study [106] suggests a mutual authentication and key agreement protocol designed to address threats in the edge–fog–cloud architecture of 5G networks. This protocol involves mutual identity verification between devices and fog nodes, adding an extra layer of security in the resource access process.
A significant enhancement in handover authentication protocols is proposed in [111], which addresses critical deficiencies in traditional methods. Traditional handover authentication protocols, often reliant on bilinear pairing and elliptic curve cryptography, are susceptible to quantum attacks and session key compromise. To overcome these vulnerabilities, the study introduces a lightweight two-party handover authentication protocol based on the lattice cipher NTRU, designed to resist quantum attacks. This protocol eliminates the dependency on a home agent, reducing communication delays and improving session key security. Expanding on lattice-based cryptography, ACPRE enhances proxy re-encryption by embedding dual access policies and securing data via the LWE problem [115]. It achieves HRA security with formal proofs while optimising efficiency through plaintext space expansion, reducing performance overhead and complementing lattice-based handover authentication.
In addition to advancements in handover authentication, securing digital data exchange in IoT environments against quantum threats is paramount. Traditional cryptographic schemes struggle against the computational power of quantum computers, necessitating novel encryption frameworks. A recently proposed approach integrates bit-plane extraction, chaotic sine models, hyperchaotic maps, and quantum operations to enhance data security [114]. By leveraging quantum-state superposition, chaotic diffusion, and selective scrambling at the bit level, this method ensures robust encryption while maintaining efficiency for real-time IoT applications. Experimental results confirm its effectiveness, demonstrating strong security metrics and rapid execution.
A flexible and secure IoT access control scheme enhances user identity sovereignty while mitigating single points of failure. Unlike traditional CP-ABE schemes, it decentralizes key generation via proxy clusters and employs self-sovereign identity for privacy-preserving attribute validation [116]. A modified CP-ABE scheme is proposed [117] to enhance data confidentiality and access control in IoT-based healthcare by offloading computationally intensive encryption tasks to multiple cooperative nodes. This approach optimises workload distribution based on node capacity, reducing computation time and energy consumption.
Another notable contribution, study [103], proposes a one-time pad protocol to ensure secure communication in IoT, where keys are generated through a multiparty sum of random numbers derived from noise and physical phenomena detected by sensors. This method adds an additional layer of security by using natural phenomena in the encryption process. Similarly, study [98] explores the use of sensors to support authentication, suggesting that factors such as the sensor’s state and the environment in which it operates can play a crucial role in determining a device’s legitimacy. Furthermore, study [99] proposes a three-phase authentication protocol, the first phase being user registration, followed by data encryption using the ECC-AES model and key generation via the SI-AO.
The study [104] addresses the lack of protocols for trust transfer from one service provider to another by developing a framework that minimises the need for manual intervention by automating the IoT device registration process and issuing operational certificates for new service providers. Paper [105] introduces a new architecture to eliminate the single point of failure issue in the use of PKI, which is easily applicable in IoT systems with resource-constrained devices. This architecture involves the use of ECC cryptography, certificates, and a decentralized PKI system divided into zones, with each zone having a master zone responsible for the devices within that specific zone.
Table 6 provides a summary of the key challenges and solutions in identity security, outlining the main issues and proposed approaches to address them.

4.4. Communication and Networking

Communication and networking in IoT rely on different protocols and technologies, that is, on a variety of networks, each of which involves certain vulnerabilities. Some of the studied articles also propose solutions to mitigate these risks.

4.4.1. Network Security

The solution proposed in article [72], described in the Attack Detection subsection, also addresses the issue of network security and communication between system components by improving device identification. This ensures enhanced network security against device-specific attacks. For detecting representative attacks within a network, study [120] proposes a solution utilising 110 neural networks. Additionally, it improves the attack-sharing loss function, reducing the number of false alarms and thus contributing to a higher detection rate of actual attacks on the system.
Study [125] set out to increase the security of the MQTT protocol, which is ideal for use in systems where devices have limited resources. To this end, it concentrated on the impact of task-specific feature selection. For anomaly detection, five ML algorithms were analysed: DT, KNN, RF, AdaBoost, and XGBoost, with RF proving to deliver the best results.
A broader comparative analysis in study [128] explored the effectiveness of feature reduction and ML techniques across datasets, employing six ML models (DFF, CNN, RNN, DT, Logistic Regression, and Naive Bayes) and three feature extraction algorithms (PCA, AE, and LDA). While PCA and AE showed strong performance when dimensionality was optimised, LDA degraded outcomes on certain datasets. These findings underscore the need for a universal benchmark feature set to standardize NIDS evaluations.
Deep learning techniques have also been extensively utilized for robust detection systems. Study [126] proposed a NIDS tailored for cloud environments, using a transformer model with advanced attention mechanisms to analyse feature relationships, enhancing detection accuracy and adaptability to evolving threats. Similarly, paper [127] addressed DDoS attacks with an online SDN defense system that combines CNN and LSTM models for anomaly detection and flow-rule-based mitigation. By tracing malicious traffic back to its source through IP tracing, this system provides a robust real-time defense against such attacks.
In a novel approach to large-scale network security threats, a knowledge graph-based detection method was constructed by combining a feature template with CNN, BiLSTM, and CRF layers, forming the FT-CNN-BiLSTM-CRF model [129]. This method excelled in detecting multi-step network attacks, outperforming other techniques in terms of speed and accuracy.
Article [121] introduces the concept of an IoT Proxy, aimed at offloading security aspects to a more powerful gateway supplied with VNSFs. This approach would mitigate the limitations of devices, such as constrained computational capacity and memory. Addressing the challenges encountered in IoT systems, study [119] proposes a protocol and an algorithm for grouping devices based on coverage, storage capacity, and power. This solution would lead to better network scalability, optimised consumption, and improved load balancing. To enhance IoT network efficiency, study [136] introduces a two-layer NOMA-based architecture with caching, addressing bandwidth constraints, latency, and congestion in large-scale deployments in the context of smart cities. By optimising resource allocation through block coordinate descent and inner approximation, the approach maximizes data rates while maintaining low computational complexity.

4.4.2. Firmware

Another critical aspect in IoT systems is the vulnerability of IoT devices at the firmware level. Study [134] highlights significant security vulnerabilities in smart home IoT firmware, revealing ten critical network-based flaws, with five scoring a maximum CVSS of 10.0. The findings underscore the widespread use of unsafe functions and the absence of essential security features. Study [124] provides a review of firmware vulnerabilities, identifying the challenges encountered at this level and methods to mitigate them. To achieve the desired level of security, the proposed solutions include the development of standards and guidelines for stakeholders involved in IoT system development, the application of emerging technologies to deliver intelligent and adaptive solutions, the use of reverse engineering for firmware analysis, and the development of hybrid frameworks to unify various approaches.
A key issue in firmware security is ensuring timely and cost-effective updates. To address this, study [130] proposes a decentralized, blockchain-based firmware update mechanism. This approach stimulates distributors via smart contracts and rewards IoT devices for successful installations, using verifiable proof-of-delivery and proof-of-installation to ensure security and fairness.
Another approach focuses on improving Firmware Update Over the Air efficiency, particularly for IoT devices using LoRaWAN [131]. A proposed modular firmware development framework allows partial and dynamic updates without requiring a system reboot, significantly reducing update size and network traffic compared to traditional monolithic firmware updates.
Beyond update mechanisms, outdated open-source components in firmware pose additional security risks, as they often contain unpatched N-day vulnerabilities. Study [132] introduces VERI, a system for large-scale vulnerability detection through lightweight version identification. VERI leverages symbolic execution with static analysis to accurately determine open-source components versions and employs deep learning to extract version-vulnerability relationships from vulnerability descriptions.
Beyond updates, IoT repackaging presents a serious threat, where attackers modify legitimate firmware by injecting malicious code before redistribution. To mitigate this, study [133] introduces PARIOT, a self-protecting scheme that integrates anti-tampering controls directly into firmware, enabling runtime detection of unauthorized modifications without relying on internet access, secure storage, or external trust anchors.

4.4.3. 5G and 6G Networks

The challenges introduced by the characteristics of 5G and 6G networks have been explored in a series of articles. Among the challenges addressed in study [122] are spectrum scarcity and network security. It proposes solutions such as dynamic spectrum sharing and blockchain-based security. Study [135] presents a mechanism for dynamic spectrum sharing, which introduces superior spectral and energy efficiency. This framework is based on the ACEDA algorithm for spectrum allocation decisions. Studies [62,123] complement these by recommending the use of emerging technologies like AI for anomaly detection at the network level, aiming to reduce response time and optimise resource consumption [123].
The development of ML methods provides scalability for protection systems as the attack surface expands, while maintaining efficiency and detection accuracy [62]. Another proposal from the authors of study [62] focuses on designing and evaluating robust models based on open, standardised datasets tailored for IoT in 5G/6G environments, which also incorporate new forms of attacks.
Table 7 summarises the key challenges and corresponding solutions in communication and networking, highlighting the main issues and proposed approaches to address them.

4.5. Emergent Technologies

Recent studies are increasingly focusing on developing solutions using emerging technologies such as machine learning, artificial intelligence, edge computing, behavioural analytics, and blockchain technology [65]. According to the analysis conducted by the authors of study [138], there has been a noticeable rise in interest among researchers since 2023 regarding the integration of these technologies into IoT system security methods. To provide a comprehensive understanding of the growing interest in emergent technologies and their application, it is important to contextualize their integration not only within the specific domain of IoT security but also in broader, interdisciplinary fields. This approach allows for a holistic assessment of the maturity and adoption trajectory of these technologies, as well as the scale of their potential impact.
To support this analysis, a chart, Figure 8, illustrating the overall growth of interest in emergent technologies across all research fields is presented. The chart is based on data collected through a comprehensive search of articles in four major academic and publishing platforms: MDPI, Science Direct, Springer, and IEEEXplore.
The chart results reveal key insights into the research momentum surrounding emergent technologies. Specifically, the data highlight a period of stagnation in research activity until 2018, followed by a phase of linear growth between 2020 and 2022. Notably, from 2023 onward, there is a marked rise in research interest, signaling a significant shift in focus toward these technologies.
This trend reflects the increasing integration of emergent technologies across diverse disciplines, providing evidence that the heightened interest in their application to IoT security is part of a broader, global research movement rather than a localized phenomenon. Such widespread growth validates the assertion that these technologies are gaining traction and aligns with the notion of a global technological shift.
Furthermore, the observed trend indicates a maturing phase for emergent technologies, as their growing adoption across fields demonstrates progress in their development and readiness for implementation. This overall increase in research activity suggests that these technologies are advancing toward higher feasibility and reliability, making them more suitable for integration into specialized domains, including IoT security.
With this broader context established, the focus shifts to IoT security to examine the specific contributions of these technologies within the field. The following section explores key emergent technologies individually, detailing their distinct roles and capabilities in strengthening IoT system security.

4.5.1. Machine Learning

The use of ML methods is proposed due to their ability to mitigate and prevent cyberattacks by continuously updating databases with potential attack signatures and performing real-time network traffic analysis for anomaly detection [35,62]. ML proves valuable in predicting potential threats, making decisions, and optimising resource allocation during an attack [138]. The reviewed articles include evaluations of algorithms to determine which is most effective for classification and feature selection [61,65,76,80,81,82,120,127,128,129,137,139]. By optimising model complexity and selecting lightweight algorithms, a balance can be achieved between anomaly detection efficiency and computational performance. However, one of the significant challenges in developing an efficient ML-based framework lies in the imbalanced nature of the available datasets, which often feature a disproportionately low number of malicious instances [79]. This imbalance can skew training, so that the algorithm becomes biased towards the majority class, thereby compromising its ability to accurately detect and classify minority class instances such as rare or novel cyberattacks [59,75].
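The added example below (not taken from the reviewed studies) makes the majority-class bias concrete with a one-feature threshold detector trained twice on the same constructed traffic, once minimising plain error count and once with class-balanced weights. The feature (connection attempts per minute), the data set and all function names are assumptions for illustration.

```python
from collections import Counter


def constructed_flows():
    """Constructed data: (connection attempts per minute, label), 1 = attack.

    1000 benign flows spread evenly over 0..99 and only 10 attack flows
    over 90..108, so attacks are about 1% of the data and overlap benign."""
    benign = [(x, 0) for x in range(100) for _ in range(10)]
    attacks = [(x, 1) for x in range(90, 110, 2)]
    return benign + attacks


def balanced_weights(samples):
    """Weight each class by n / (n_classes * class_count)."""
    counts = Counter(label for _, label in samples)
    n = len(samples)
    return {label: n / (len(counts) * c) for label, c in counts.items()}


def train_stump(samples, class_weight=None):
    """Pick threshold t (flag attack when x >= t) with the lowest weighted error."""
    weights = class_weight or {0: 1.0, 1: 1.0}
    values = sorted({x for x, _ in samples})
    candidates = values + [values[-1] + 1]   # last candidate flags nothing
    best_t, best_cost = None, float("inf")
    for t in candidates:
        cost = sum(weights[y] for x, y in samples if (x >= t) != bool(y))
        if cost < best_cost:
            best_t, best_cost = t, cost
    return best_t


def evaluate(samples, threshold):
    tp = sum(1 for x, y in samples if x >= threshold and y == 1)
    fp = sum(1 for x, y in samples if x >= threshold and y == 0)
    fn = sum(1 for x, y in samples if x < threshold and y == 1)
    tn = sum(1 for x, y in samples if x < threshold and y == 0)
    return {
        "accuracy": (tp + tn) / len(samples),
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "false_alarms": fp,
    }


if __name__ == "__main__":
    flows = constructed_flows()
    for name, w in (("unweighted", None), ("balanced", balanced_weights(flows))):
        t = train_stump(flows, w)
        print(name, "threshold", t, evaluate(flows, t))
```

The unweighted detector scores above 99% accuracy while missing half of the attacks, which is why recall and false-alarm counts, not accuracy alone, should be reported for intrusion detection on skewed data.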
The increasing adoption of smart home systems, driven by the advancement of IoT technologies, has amplified the demand for robust security mechanisms to address vulnerabilities and ensure user privacy [142]. Traditionally, ML models are deployed on cloud-based infrastructures with high computational capacity, but this approach introduces latency issues and exposes user data to privacy risks. In response, on-device ML models are gaining attention as they allow data to remain local, enhancing security and supporting real-time applications such as intrusion detection [142].
The use of Deep Learning, as a subset of ML, is recommended due to its capabilities in processing complex patterns, ensuring efficient detection of anomalies and intrusions, reducing false positives, and enabling device identification based on unique features extracted from network traffic [73,83,132]. In this context, advanced neural network models are analysed, focusing on their architecture, training methodologies, and ability to capture intricate patterns in high-dimensional data [110]. These models are evaluated for their potential to enhance predictive accuracy, robustness against adversarial scenarios, and adaptability to dynamic environments, particularly in scenarios involving complex anomaly detection and intrusion prevention systems [70,72,78,120]. Additionally, the deployment of lightweight ML algorithms, such as Decision Trees, has demonstrated superior performance in terms of computational efficiency and energy consumption during both training and inference phases, making them suitable for resource-constrained IoT devices [142].
The reviewed articles also address the issue of selecting a training strategy for ML models. Transfer learning emerges as a solution to reduce the time and computational effort required for training new models [71], leveraging prior knowledge during the training process. Collaborative training solutions are also proposed, such as federated learning [77], which enables distributed model training across IoT devices. This strategy involves sharing model updates while preserving data privacy [102], effectively reducing the risk of man-in-the-middle attacks, malware, eavesdropping, and energy theft [141]. Complementing this approach, split learning is proposed, which divides the model training task between devices and a server, ensuring privacy by sharing only intermediate representations instead of raw data or complete models [140]. This method also enhances the efficiency and scalability of the training process.

4.5.2. Blockchain

Blockchain technology is recommended for integration into IoT systems due to its numerous advantages. Blockchain replaces traditional data management systems with a decentralised architecture, enabling direct data transactions without intermediaries [92,138]. This technology can handle large volumes of transactions while simplifying processes within the system [110,138]. Through smart contracts, transactions can be automated based on well-defined rules, reducing the need for manual interventions and lowering transaction costs [88,92,102].
The management of large data volumes can be improved using off-chain data storage, with only data hashes stored on the blockchain [84]. This approach ensures data integrity without overloading the blockchain. Ethereum-based frameworks can function as a trapdoor to ensure data confidentiality in IoT systems [85,130]. During the off-chain data repositioning process, encryption and decentralised operations are employed to maintain data privacy. Another blockchain and Trusted Execution Environment (TEE)-based framework for distributed data sharing and authentication is proposed in [144]. Blockchain is utilized for on-chain security and access control, while TEE is employed for off-chain data protection. Furthermore, an SGX-based distributed storage system is integrated to enhance data integrity, availability, and resilience against rollback attacks.
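As an added illustration (not code from the cited frameworks), the sketch below anchors digests of off-chain records in a hash-chained ledger and audits the off-chain copy against it, distinguishing arbitrary modification from a rollback to an older, once-valid version. It goes slightly beyond the text by using the anchored history itself to detect rollback. The in-memory ledger, the record names and the payloads are constructed assumptions standing in for a real blockchain and storage service.

```python
import hashlib
import json

GENESIS = "0" * 64


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


class Ledger:
    """Minimal append-only chain: each block commits to the previous block."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _hash(body):
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def append(self, record_id, version, digest):
        body = {
            "index": len(self.blocks),
            "prev": self.blocks[-1]["hash"] if self.blocks else GENESIS,
            "record_id": record_id,
            "version": version,
            "digest": digest,   # only the hash of the payload goes on-chain
        }
        block = dict(body, hash=self._hash(body))
        self.blocks.append(block)
        return block

    def chain_is_valid(self):
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            body = {k: v for k, v in block.items() if k != "hash"}
            if (block["index"] != i or block["prev"] != prev
                    or block["hash"] != self._hash(body)):
                return False
            prev = block["hash"]
        return True

    def anchors(self, record_id):
        return [b for b in self.blocks if b["record_id"] == record_id]


def publish(ledger, store, record_id, payload):
    """Write the payload off-chain and anchor its digest as the next version."""
    version = len(ledger.anchors(record_id)) + 1
    store[record_id] = payload
    return ledger.append(record_id, version, sha256_hex(payload))


def audit(ledger, store, record_id):
    """Classify the off-chain copy of a record against its on-chain anchors."""
    if not ledger.chain_is_valid():
        return "ledger-corrupt"
    anchors = ledger.anchors(record_id)
    if not anchors or record_id not in store:
        return "unanchored"
    digest = sha256_hex(store[record_id])
    if digest == anchors[-1]["digest"]:
        return "ok"
    if any(digest == a["digest"] for a in anchors[:-1]):
        return "rollback"       # a stale but once-valid version was restored
    return "tampered"           # content never anchored under this record


if __name__ == "__main__":
    ledger, store = Ledger(), {}
    rid = "pump-7/config"                            # constructed record name
    publish(ledger, store, rid, b'{"dose_ml_h": 5}')
    publish(ledger, store, rid, b'{"dose_ml_h": 3}')
    print(audit(ledger, store, rid))                 # current version intact
    store[rid] = b'{"dose_ml_h": 5}'                 # storage serves old copy
    print(audit(ledger, store, rid))
```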
Thanks to ledgers that record every transaction, traceability is enhanced, fostering greater trust in the system [86,92,93,102,138]. Frameworks like Hyperledger Fabric reduce the risk of unauthorised data access by restricting it to authorised nodes only [84].
Blockchain ensures confidentiality, integrity, and availability [87]. Data confidentiality is achieved through digital identity encryption methods. Immutable records on the blockchain prevent unauthorised data modifications, maintaining integrity [88,91,138]. The decentralised nature of blockchain technology enhances availability, with data stored across multiple nodes [87].
Blockchain technology has also been proposed to enhance authentication processes by integrating Zero-Knowledge Proofs. This method ensures privacy without disclosing sensitive data while verifying the authenticity of OTPs and confirming user identity [96].

4.5.3. Artificial Intelligence

The use of Artificial Intelligence, particularly Artificial Immune Systems, aids in detecting and mitigating malware attacks at the IoT device or gateway level, addressing risks without requiring extensive resources [141]. AI methods incorporating Differential Privacy can protect sensitive biometric data by adding controlled noise to the data, mitigating the risk of data leakage during transfer [141].
AI in IoT facilitates the development of intelligent, adaptive security solutions tailored to the diverse applications of IoT systems [141]. It can also complement blockchain technology through its analytical capabilities, particularly in handling large data volumes. AI identifies patterns and anomalies, assisting in transaction validation within blockchain systems [85]. Additionally, it can optimise transactions by dynamically adjusting parameters [85].
AI enhances ML capabilities, and Generative AI can be employed to create diverse datasets for training models when real-world datasets are limited [89]. Additionally, it can simulate scenarios to improve decision-making and predictive capabilities, strengthening both defensive and proactive security strategies [89,90]. Moreover, this technology enhances human-device interaction, as AI models can interpret human voice with greater accuracy [90]. AI can further reduce failure risks by analysing historical data to predict maintenance requirements for devices [85]. While these advancements strengthen IoT security and functionality, Generative AI also introduces new threats. Recent research [143] highlights that adversaries can exploit AI to bypass existing security mechanisms, particularly NN-based IDSs. A novel offensive strategy called Attack Obfuscation, leveraging Conditional GANs, has been proposed to evade IDS by injecting synthetic traffic designed to deceive detection algorithms.
AI is also pivotal in addressing challenges associated with the introduction of 6G networks. It can optimise network performance, deliver personalised services in 6G based on user behaviour, and enable innovative applications such as holographic communication and augmented reality [123].

4.5.4. Edge Computing and Fog Computing

Edge computing and fog computing can enhance the efficiency of cooperation between IoT systems and the Cloud while also improving their security and scalability [63]. These technologies involve performing computational processes closer to the data source [119], although this approach may result in higher energy consumption for the selected devices [71]. Nevertheless, the proposed solution reduces latency, enabling faster attack detection [64] and preventing their propagation within the system [69,121].
Additionally, these approaches decrease the amount of data transmitted to the Cloud, reducing bandwidth requirements [70] and optimising data transmission across the network [123].
The accompanying heatmap, Figure 9, illustrates the utilization of emerging technologies within the identified categories.
In the context of Risk Management, the reviewed articles do not employ emergent technologies. Instead, they focus on developing frameworks to achieve standardization and risk management models that guide organizations in formulating cybersecurity implementation policies for Internet of Things systems. However, even within this area, the cognitive capabilities of Machine Learning and Artificial Intelligence could be utilized to adapt rules based on the application domain, identify latent risks, and update regulations in response to emerging threats and technological advancements.
The heatmap illustrates that the four emergent technologies exhibit varying levels of adoption across the identified categories. Machine Learning is most frequently suggested as a solution for attack detection due to its capabilities in traffic analysis, anomaly detection, and resource optimisation. Blockchain technology demonstrates its prominence in the data management and protection category, attributed to its decentralization features and ability to ensure data integrity and confidentiality. This category also sees significant utilization of Artificial Intelligence, particularly Generative AI, which can generate necessary conditions, such as test data for training ML models, validate transactions within blockchain systems, and support data integrity assurance. Edge and Fog Computing emerge as deployment suggestions for attack detection systems and solutions for securing networks and facilitating communication between edge devices and servers. These technologies contribute by reducing latency, enhancing security, and ensuring efficient network operations.

4.6. Risk Management

The complexity and dynamic nature of the IoT ecosystem have necessitated the development of strategies tailored to this context. To address this need, various risk management methodologies have been proposed. For instance, study [145] outlines several types of risks and identifies the main frameworks employed in managing them. Similarly, study [146] conducts a literature review on risk management, also examining the frameworks discussed in [145]. Both studies highlight vulnerabilities in existing methodologies.
A novel framework for risk management, IOTA-SRM, is introduced in [147] to address the limitations of current frameworks. This systematic approach manages risk across different architectural levels within IoT systems. Additionally, the IoTSRM2 proposed in [148] underscores the necessity for comprehensive solutions. These approaches emphasize multi-layered cybersecurity strategies, incorporating encryption, machine learning for threat detection, and blockchain to ensure secure communications. A critical aspect of these frameworks is the focus on security at various architectural levels within IoT systems, particularly at the device and network levels, which are highly vulnerable to attacks such as DDoS and data interception.
Study [150] presents a lightweight dynamic risk assessment approach that integrates scenario-based simulations. By utilizing synthetic data and threat models, this method provides a comprehensive understanding of emerging threats in healthcare settings. The adaptability of such models facilitates continuous risk assessment and mitigation, thereby enhancing the security and resilience of MIoT infrastructures against evolving cyber threats.
Despite these advancements, existing security policy models often lack the versatility to integrate comprehensive risk assessments, regulatory compliance, and AI/ML-driven adaptability. To address this gap, study [151] introduces an adaptive edge security framework that dynamically generates and adjusts security policies for IoT edge devices. This framework incorporates AI-driven adaptability, conflict resolution mechanisms, and compliance analysis to ensure that security policies remain responsive to emerging threats, regulatory changes, and variations in device status.
Additionally, a novel vulnerability-oriented risk identification framework addresses these limitations by employing a structured four-step process that enhances IoT security risk assessments [152]. By applying this framework to a smart healthcare system, researchers successfully identified critical attack scenarios arising from improper security measures, mobility concerns, and intercommunication vulnerabilities.
Beyond these technical frameworks, regulatory measures also play a crucial role in IoT cybersecurity. The Cyber Resilience Act, examined in [149], represents a broad yet necessary regulatory approach to mitigating IoT security risks, though ambiguities in its provisions could hinder its effectiveness. Key challenges include legal uncertainties in risk assessment, vague security requirements, and limitations on manufacturers’ responsibility for vulnerability management. While not a definitive solution, the CRA lays an essential foundation for enhancing IoT security, with its ultimate success depending on industry adoption and regulatory clarity.
Table 8 provides an overview of the key challenges and solutions in risk management, outlining the primary issues and proposed strategies to address them.

5. Discussion

Based on the analysis of the selected articles and the identification of the categories of topics addressed by them, a bar chart (Figure 10) was constructed to visualize the relative weight of concern pertaining to the listed categories. It is noteworthy that articles that encompassed multiple categories were considered for each category separately.
The bar chart analysis demonstrates that three of the six categories—Securing Identity Management, Attack Detection, and Emergent Technologies—attract the most attention. Among these, Emergent Technologies has the tallest bar in the chart, reflecting their extensive adoption in proposed solutions. This widespread utilization is attributed to their capability to process large datasets, reduce anomaly detection time, and adapt to the rapidly evolving landscape of threats and attack types specific to IoT systems. Suggested approaches include employing machine learning techniques for predicting and preventing attacks, utilizing blockchain technology to enhance security through decentralization, and deploying Edge and Fog Computing to minimise latency and prevent the propagation of attacks across systems.
However, integrating emergent technologies presents new challenges, such as vulnerabilities and resource constraints inherent to IoT devices. Training artificial intelligence and machine learning models requires substantial computational resources, posing a significant obstacle. Furthermore, regulatory issues and ethical dilemmas arise, particularly when systems must make decisions that may involve trade-offs or sacrifices. Addressing these challenges will necessitate innovative solutions to maximize the benefits of these technologies while mitigating their drawbacks.

5.1. Securing Identity Management

This category reflects the imperative to ensure that only authorized entities have access to the network. The escalating prevalence of threats targeting identity theft, unauthorized system access, and credential theft underscores the urgency of developing robust identity protection mechanisms. These mechanisms encompass multi-factor authentication and stringent access controls. Future implementations may integrate emerging technologies such as artificial intelligence, blockchain, and machine learning with biometric identification methods. Such an approach could enhance the accuracy of biometric authentication, fortify data security, and ensure adaptability to novel threats.

5.2. Attack Detection

Attack detection is a cornerstone of IoT security, crucial for promptly identifying and mitigating threats to prevent substantial losses for both systems and users. The focus of this category underscores the significance of real-time system monitoring, adaptability to evolving threats, incident response capabilities, and resource optimisation. The reviewed studies emphasize integrating machine learning techniques to develop adaptive detection systems with enhanced response times and collaborative methods that distribute detection tasks across system components.

5.3. Communication and Networking and Data Management and Protection

These two categories received equal attention, reflecting their continued importance in establishing a secure infrastructure.

5.3.1. Communication and Networking

Secure communication and networking are essential to maintaining a reliable flow of data within IoT systems. The studies reviewed propose protocols tailored for 5G and 6G networks and methods to integrate AI for faster response times and reduced resource consumption. Dynamic spectrum sharing is suggested as a solution to bandwidth limitations; however, it introduces challenges such as interference and unauthorised access that need to be addressed.

5.3.2. Data Management and Protection

This category focuses on ensuring encryption, implementing backup strategies, and adhering to data protection regulations to mitigate data breaches that could lead to financial or reputational damage. The advent of quantum computing poses a significant challenge to classical encryption systems, as quantum computers could easily break traditional cryptographic algorithms.

5.4. Risk Management

As a complementary category, risk management underscores the importance of regulations in building robust cybersecurity methodologies for IoT systems. This domain has fewer studies, as it is often reactive, requiring the occurrence of specific limitations to inspire experimentation and the development of effective frameworks. Incorporating ML and AI into risk management could enable dynamic rule adaptation based on application domains, identification of latent risks, and updates to guidelines in response to emerging threats and technological evolution.
Following the analysis of the selected articles based on the identified categories, the proposed solutions highlight efforts to implement scalable and adaptable attack detection and prevention systems capable of handling concept drift. Another key focus in the attack detection field is optimising response time and reducing false alarms. These systems also need to function effectively in resource-constrained environments with limited computational capacity. Researchers are experimenting with machine learning techniques to address these challenges; however, issues such as long model training times and the need for continuous adaptability remain significant.
In the area of data security and management, several articles propose blockchain-based frameworks to ensure authorized data access and protect data integrity during distribution and storage. These frameworks can be enhanced with Edge Computing, encryption techniques like zero-knowledge proofs, and secure data-sharing protocols.
For the Network and Communication category, solutions address challenges arising from the diversity of connected devices and spectrum allocation. Proposed approaches include grouping devices by capacity and coverage, enabling dynamic spectrum sharing, and developing IoT security standards to secure device firmware.
The Risk Management category also emphasizes the need for standardization. Articles in this category propose the development of compliance-oriented frameworks, threat modelling techniques, and risk assessment models.

5.5. Identified Challenges and Limitations of Integrating Emerging Technologies

The analysis of the papers shows that most of the authors proposed emerging technologies-based solutions. Integrating these technologies introduces new challenges and limitations that may impede their practical implementation.

5.5.1. Robust ML-Based Frameworks

Developing robust security frameworks for real-world applications is the goal of most papers analysed in this review. Some solutions propose model training methods such as Transfer Learning, Incremental Learning, Deep Learning and Federated Learning to achieve this goal. However, when analysed separately, each of these methods has numerous limitations in terms of adaptability, scalability and concept drift.
IoT devices often operate in resource-constrained environments, limiting their ability to implement robust security measures. For instance, ML models require significant computational resources for training and operation, which may exceed the capacity of low-power IoT devices. Smart home appliances could serve as an example of such devices. These appliances, ranging from smart thermostats and light bulbs to security cameras and home assistants, often operate on minimal resources to reduce costs and enhance energy efficiency.
The extended training times required for many ML models pose a substantial barrier. Additionally, the dynamic nature of cyber threats—concept drift—necessitates frequent retraining of models to ensure their effectiveness against evolving attack patterns. This process is both resource-intensive and time-consuming, often delaying the deployment of updated models in real-world scenarios. These limitations underscore the need for innovative approaches to optimise training efficiency, such as the learning methods analysed in Table 9. However, all these methods involve significant computational resources to achieve high-level performance. Moreover, there are issues with continuous training and with transferring or sharing data among heterogeneous devices. A framework combining all of these methods could mitigate their individual limitations, while also introducing new challenges such as:
  • Architecture complexity, which makes diagnosis, maintenance, optimisation and scalability difficult;
  • Training pipeline sophistication needed to keep model behavior stable;
  • Incremental learning could degrade the pretrained foundation, introducing errors and vulnerabilities;
  • Communication overhead introduced by the need for data exchange between devices and the central server, as well as between the source domain and the target domain;
  • Persistent computational effort.
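The retraining cost of concept drift discussed above can be bounded by retraining only when drift is actually observed. The following added example (not taken from this review or from the papers it surveys) uses the Page-Hinkley change test on a constructed stream of 0/1 misclassification indicators; the thresholds, the error pattern and all names are assumptions of the example, and it assumes that labelled feedback on the detector's predictions becomes available.

```python
"""Drift-triggered retraining with the Page-Hinkley test (added example)."""


class PageHinkley:
    """Page-Hinkley test for a persistent upward shift in a stream's mean.

    Fed with 0/1 prediction-error indicators of an intrusion detector, it
    signals when the error rate has risen above its running average.
    """

    def __init__(self, delta=0.005, threshold=5.0, min_samples=30):
        self.delta = delta              # tolerated drift magnitude (assumed value)
        self.threshold = threshold      # alarm level lambda (assumed value)
        self.min_samples = min_samples  # warm-up before alarms are allowed
        self.reset()

    def reset(self):
        self.n = 0
        self.mean = 0.0     # running mean of the stream
        self.cum = 0.0      # cumulative deviation m_t
        self.cum_min = 0.0  # running minimum M_t

    def update(self, x):
        """Consume one observation; return True when drift is signalled."""
        self.n += 1
        self.mean += (x - self.mean) / self.n
        self.cum += x - self.mean - self.delta
        self.cum_min = min(self.cum_min, self.cum)
        return (self.n >= self.min_samples
                and self.cum - self.cum_min > self.threshold)


def constructed_error(i, model_is_current):
    """Constructed stand-in for 'was sample i misclassified?'.

    5% errors while the model matches the traffic it was trained on,
    40% errors once the traffic has drifted away from it.
    """
    if model_is_current:
        return 1 if i % 20 == 0 else 0
    return 1 if i % 5 < 2 else 0


def simulate(n_samples=1000, drift_at=500, retrain_on_drift=True):
    """Replay the constructed stream; return (retrain indices, total errors)."""
    detector = PageHinkley()
    model_is_current = True
    retrain_points, total_errors = [], 0
    for i in range(n_samples):
        if i == drift_at:
            model_is_current = False      # traffic distribution changes here
        err = constructed_error(i, model_is_current)
        total_errors += err
        if retrain_on_drift and detector.update(err):
            retrain_points.append(i)
            model_is_current = True       # stand-in for retraining on recent data
            detector.reset()              # start a fresh baseline after retraining
    return retrain_points, total_errors


if __name__ == "__main__":
    points, errors = simulate()
    _, baseline = simulate(retrain_on_drift=False)
    print("retraining triggered at samples:", points)
    print("misclassifications with drift-triggered retraining:", errors)
    print("misclassifications without retraining:", baseline)
```

On a constrained device only the four running values of the test need to be kept per monitored model, while the retraining itself can be delegated to an edge or cloud node.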

5.5.2. AI and Blockchain-Based Frameworks

Emergent technologies, including artificial intelligence and blockchain, offer transformative potential for enhancing IoT security. However, their adoption introduces unique vulnerabilities that require careful consideration. AI systems, for instance, are susceptible to adversarial attacks, where malicious inputs are crafted to manipulate the model’s predictions or decision-making processes. Similarly, blockchain technology, while providing decentralized and tamper-resistant solutions, remains vulnerable to specific threats such as 51% attacks, in which an entity gains control of the network’s hashing power, potentially compromising its integrity. Other consensus-based exploits, such as double-spending or transaction malleability, further highlight the risks associated with blockchain deployment. Some of the primary challenges in deploying blockchain technology include the lack of expertise in this domain, the complexity of architectures such as Hyperledger Fabric, and the initial configuration, update, and maintenance efforts.
To ensure the secure integration of these technologies into IoT frameworks, it is essential to develop robust defense mechanisms, such as adversarial training for AI and improved consensus algorithms for blockchain. Additionally, comprehensive risk assessment and continuous monitoring are necessary to anticipate and mitigate potential vulnerabilities, ensuring the resilience of IoT systems against emerging threats.
Additionally, a comprehensive regulatory framework must be established to define standards, establish a consensus mechanism, facilitate governmental and policy management, and implement data management strategies.
Table 10 provides a comprehensive summary of the discussion section, consolidating key findings, research trends, and challenges identified after the review process. The distribution of research focus indicates that Emergent Technologies (thirty-seven articles), Attack Detection (twenty-six articles), and Identity Management (twenty-one articles) are the most explored topics, while Risk Management remains underdeveloped (four articles). This table highlights the critical areas shaping IoT security research and the ongoing challenges that must be addressed.

6. Conclusions and Future Work

This paper presented a systematic review of the latest IoT security research, aiming to identify key directions for enhancing both the security and trustworthiness of IoT systems.
The paper starts by identifying and categorising critical aspects of IoT security, specifically focusing on Attack Detection, Communication and Networking, Securing Identity Management, Data Management and Protection, Risk Management and using Emergent Technologies.
From the analysis conducted in this paper, it can be concluded that attack detection techniques increasingly rely on advanced ML and deep learning models for precise anomaly detection, reduced false positives, and real-time responsiveness. Data management and protection emphasise dynamic, blockchain-based solutions to secure sensitive information while ensuring scalability. Identity management has advanced through blockchain and Edge Computing-based multilevel frameworks, cryptographic techniques such as zero-knowledge proofs, AES, ring signatures, distributed authentication mechanisms, and secure data-sharing protocols. Device identification using time series, Ethereum Layer 2 roll-ups, mutual authentication, decentralised PKI, one-time pad encryption, sensor-based verification, ECC-AES encryption, and automated IoT trust transfer further enhances the security of IoT systems.
Networking and communication challenges, particularly with 5G/6G environments, are being tackled through dynamic spectrum sharing and secure protocols. Emerging technologies such as AI and Edge Computing are proving instrumental in adaptive security measures, offering real-time anomaly detection and resource efficiency. Despite these advancements, challenges remain, including the need for standardised datasets, robust evaluation methods, and scalable solutions that can adapt to an expanding attack surface.
To address the identified challenges and further strengthen IoT security, the following directions are proposed:
  • Quantum-Resistant Cryptography
    With the impending rise of quantum computing, the exploration and adoption of quantum-resistant cryptographic techniques must be prioritized. Algorithms like lattice-based cryptography, hash-based signatures, and quantum key distribution could offer robust protection against future threats posed by quantum computers.
  • Data Integrity and Privacy-Preserving Techniques
    Secure management of LSTM IoT data should focus on blockchain-based frameworks for data integrity. Privacy-preserving methods, such as homomorphic encryption and differential privacy, must be integrated to ensure secure data sharing without compromising user privacy.
  • System Resilience and Fallback Strategies
    Research should focus on developing secure fallback mechanisms to ensure system resilience during failures or breaches. Techniques like redundant architectures, automated recovery protocols, and distributed denial-of-service (DDoS) mitigation frameworks are essential for reliable IoT deployments.
  • Optimising Resource Management Using AI and ML
    Efficient resource allocation in IoT systems remains a pressing challenge, particularly for resource-constrained devices. AI-driven solutions should be explored to optimise computational efficiency, improve adaptability to evolving threats, and minimise latency.
  • Policy and Standards Development
    The establishment of international standards and regulatory frameworks is crucial to promote consistency and interoperability across IoT ecosystems. Policymakers, researchers, and industry stakeholders should collaborate to develop compliance-oriented guidelines that address security and privacy concerns. Future policies should focus on harmonized global compliance, mandatory security baselines, legal accountability, and emergent technologies integration. Simultaneously, international standardization bodies should develop adaptive, interoperable security frameworks, advance post-quantum cryptography adoption, and explore self-healing IoT architectures. These directions will pave the way for a secure, resilient, and trustworthy IoT ecosystem, ensuring long-term sustainability and public confidence in IoT technologies.
  • Focus on Securing Neglected IoT Devices
    Many IoT devices, particularly in smart homes, remain overlooked in terms of security. Targeted research is needed to develop lightweight security protocols, automated firmware updates, and user-friendly mechanisms to protect these devices, which often operate in resource-constrained environments.
  • Interference Mitigation in Dynamic Spectrum Sharing
    As dynamic spectrum sharing grows, mitigating interference and unauthorized spectrum access is critical. Future research should explore AI-driven spectrum sensing, cognitive radio techniques, adaptive interference control, and blockchain-based spectrum management to enhance secure and efficient spectrum utilization.
Table 11 summarizes the research directions derived from the analysis.

Author Contributions

Conceptualization, H.S. and D.E.P.; methodology, H.S., D.E.P. and R.D.Z.; resources, H.S. and D.E.P.; writing—original draft preparation, H.S. and D.E.P.; writing—review and editing, D.E.P., R.D.Z. and H.S.; visualization, D.E.P.; supervision, D.E.P. and R.D.Z.; project administration, D.E.P. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Not applicable.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
2FA: Two-factor authentication
ACE: Associative Cryptographic Encryption
ADWIN: Adaptive Windowing
AI: Artificial Intelligence
ARF: Adaptive Random Forest
CBAM: Convolutional Block Attention Module
CoAP: The Constrained Application Protocol
CP-ABE: Ciphertext-Policy Attribute-Based Encryption
CRA: Cyber Resilience Act
CTGAN: Conditional Tabular Generative Adversarial Networks
CVSS: Common Vulnerability Scoring System
DAM: Distributed Authentication Mechanism
DBO: Dung Beetle Optimiser
DDM: Deep Drift Model
DDoS: Distributed Denial of Service
DNN: Deep Neural Network
DT: Decision Tree
ECC: Elliptic Curve Cryptography
ECC-AES: Elliptic Curve Cryptography with Advanced Encryption Standard
EPA: Extended Protocol Architecture
FSMFA: Firmware-Secure Multi-Factor Authentication
GA: Genetic Algorithms
GDPR: General Data Protection Regulation
GRU: Gated Recurrent Unit
HIDS: Host Intrusion Detection Systems
HRA: Honest Re-encryption Attacks
ICN-IoT: Information-Centric Networking for IoT
ICS: Industrial Control Systems
IDS: Intrusion Detection Systems
IoT: Internet of Things
IOTA-SRM: IoT architecture-based Security Risk Management
IoTSRM2: IoT Security Risk Management Strategy Model
IPS: Intrusion Prevention Systems
ISO: International Organization for Standardization
KNN: k-Nearest Neighbours
LPWAN: Low-Power Wide-Area Networks
LSTM: Long Short-Term Memory
LTE-M: Long Term Evolution for Machines
LWE: Learning With Errors
MFA: Multi-factor authentication
ML: Machine Learning
MQTT: Message Queuing Telemetry Transport
MUD: Manufacturer Usage Description
NB-IoT: Narrow Band-Internet of Things
NIDS: Network Intrusion Detection Systems
NFT: Non-Fungible Token
NIST: National Institute of Standards and Technology
OTP: One-Time Password
PKI: Public Key Infrastructure
PUF: Physically Unclonable Function
RF: Random Forest
RFC: Request For Comments
RFID: Radio Frequency Identification
SCADA: Supervisory Control and Data Acquisition
SI-AO: Self-Improved Aquila Optimiser
SRPs: Sampled Randomized Pooling Strategy
SSL-VPN: Secure Sockets Layer Virtual Private Network
SVM: Support Vector Machine
TCN: Temporal Convolutional Network
TEE: Trusted Execution Environment
TL: Transfer Learning
VGG16: Visual Geometry Group 16 (number of layers with learnable parameters)
VNSFs: Virtual Network Security Functions

References

  1. Greengard, S. Internet of Things. In Encyclopedia Britannica; 2024; Available online: https://www.britannica.com/science/Internet-of-Things (accessed on 3 January 2025).
  2. Satyajit, S. State of IoT 2024: Number of Connected IoT Devices Growing 13% to 18.8 Billion Globally; IoT Analytics: Hamburg, Germany, 2024.
  3. Greenberg, A. Hackers Remotely Kill a Jeep on the Highway—With Me in It. Available online: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ (accessed on 17 January 2025).
  4. Antonakakis, M.; April, T.; Bailey, M. Understanding the Mirai Botnet. In Proceedings of the 26th USENIX Security Symposium, Vancouver, BC, Canada, 16 August 2017.
  5. Smart, W. Lessons Learned Review of the WannaCry Ransomware Cyber Attack; Department of Health and Social Care: London, UK, 2018.
  6. Brewster, T. Hackers Used a Fish Tank to Breach a Casino’s High-Roller Database. Forbes. 2018. Available online: https://www.forbes.com/sites/thomasbrewster/2018/07/19/fish-tank-hack-into-casino/ (accessed on 17 January 2025).
  7. Kari, P. Dozens Sue Amazon’s Ring after Camera Hack Leads to Threats and Racial Slurs. The Guardian, 23 December 2020. Available online: https://www.theguardian.com/technology/2020/dec/23/amazon-ring-camera-hack-lawsuit-threats (accessed on 17 January 2025).
  8. Cimpanu, C. Garmin Services and Production Go Down After Ransomware Attack. Available online: https://www.zdnet.com/article/garmin-services-and-production-go-down-after-ransomware-attack/ (accessed on 17 January 2025).
  9. Easterly, J. The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years. 2023. Available online: https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years (accessed on 15 November 2024).
  10. Montalbano, E. Breach Exposes Verkada Security Camera Footage at Tesla, Cloudflare. Threatpost 10 March 2021. Available online: https://threatpost.com/breach-verkada-security-camera-tesla-cloudflare/164635/ (accessed on 17 January 2025).
  11. Gartenberg, C. Security Startup Verkada Hack Exposes 150,000 Security Cameras in Tesla Factories, Jails, and More. 2021. Available online: https://www.theverge.com/2021/3/9/22322122/verkada-hack-150000-security-cameras-tesla-factory-cloudflare-jails-hospitals (accessed on 15 November 2024).
  12. Greenberg, A. A Hacker Tried to Poison a Florida City’s Water Supply, Officials Say. Available online: https://www.wired.com/story/oldsmar-florida-water-utility-hack/ (accessed on 17 January 2025).
  13. Kapko, M. MOVEit Liabilities Mount for Progress Software. Cybersecurity Dive. 2024. Available online: https://www.cybersecuritydive.com/news/moveit-liabilities-progress/706015/ (accessed on 17 January 2025).
  14. Ptrosyan, A. Annual Number of Internet of Things (IoT) Malware Attacks Worldwide from 2018 to 2022. Statista, Cyber Crime & Security. 2024. Available online: https://www.statista.com/statistics/1377569/worldwide-annual-internet-of-things-attacks/ (accessed on 17 January 2025).
  15. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). Off. J. Eur. Union 2016, L119, 1–88.
  16. H.R.1668—IoT Cybersecurity Improvement Act of 2020. Available online: https://www.congress.gov/bill/116th-congress/house-bill/1668 (accessed on 17 January 2025).
  17. AT&T, IBM, Nokia, Palo Alto Networks, Symantec and Trustonic Form IoT Cybersecurity Alliance. 2017. Available online: https://about.att.com/story/iot_cybersecurity_alliance.html (accessed on 1 February 2025).
  18. Caindec, K.; Buchheit, M.; Zarkout, B.; Schrecker, S.; Hirsch, F.; Dungana, I.; Martin, R.; Tseng, M. An Industry IoT Foundational Publication; AT&T Inc.: Dallas, TX, USA, 2017.
  19. CoAP RFC 7252 Constrained Application Protocol. Available online: https://datatracker.ietf.org/doc/html/rfc7252 (accessed on 15 November 2024).
  20. ISO/IEC 30141:2024; Internet of Things (IoT)—Reference Architecture. International Organization for Standardization: Geneva, Switzerland, 2024.
  21. ETSI EN 303 645; Cyber Security for Consumer Internet of Things: Baseline Requirements. European Standard. June 2020. Available online: https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf (accessed on 9 January 2025).
  22. Dritsas, E.; Trigka, M. A Survey on Cybersecurity in IoT. Future Internet 2025, 17, 30.
  23. Szymoniak, S.; Piątkowski, J.; Kurkowski, M. Defense and Security Mechanisms in the Internet of Things: A Review. Appl. Sci. 2025, 15, 499.
  24. Singh, N.; Buyya, R.; Kim, H. Securing Cloud-Based Internet of Things: Challenges and Mitigations. Sensors 2024, 25, 79.
  25. Krzysztoń, E.; Rojek, I.; Mikołajewski, D. A Comparative Analysis of Anomaly Detection Methods in IoT Networks: An Experimental Study. Appl. Sci. 2024, 14, 11545.
  26. Alshamsi, O.; Shaalan, K.; Butt, U. Towards Securing Smart Homes: A Systematic Literature Review of Malware Detection Techniques and Recommended Prevention Approach. Information 2024, 15, 631.
  27. Fatima, M.; Rehman, O.; Rahman, I.M.H.; Ajmal, A.; Park, S.J. Towards Ensemble Feature Selection for Lightweight Intrusion Detection in Resource-Constrained IoT Devices. Future Internet 2024, 16, 368.
  28. Kikissagbe, B.R.; Adda, M. Machine Learning-Based Intrusion Detection Methods in IoT Systems: A Comprehensive Review. Electronics 2024, 13, 3601.
  29. Dritsas, E.; Trigka, M. Machine Learning for Blockchain and IoT Systems in Smart Cities: A Survey. Future Internet 2024, 16, 324.
  30. Roy, S.; Sankaran, S.; Zeng, M. Green Intrusion Detection Systems: A Comprehensive Review and Directions. Sensors 2024, 24, 5516.
  31. Alkhayyal, M.; Mostafa, A. Recent Developments in AI and ML for IoT: A Systematic Literature Review on LoRaWAN Energy Efficiency and Performance Optimization. Sensors 2024, 24, 4482.
  32. Isong, B.; Kgote, O.; Abu-Mahfouz, A. Insights into Modern Intrusion Detection Strategies for Internet of Things Ecosystems. Electronics 2024, 13, 2370.
  33. Gelgi, M.; Guan, Y.; Arunachala, S.; Samba Siva Rao, M.; Dragoni, N. Systematic Literature Review of IoT Botnet DDOS Attacks and Evaluation of Detection Techniques. Sensors 2024, 24, 3571.
  34. Rafique, S.H.; Abdallah, A.; Musa, N.S.; Murugan, T. Machine Learning and Deep Learning Techniques for Internet of Things Network Anomaly Detection—Current Research Trends. Sensors 2024, 24, 1968.
  35. Bukhowah, R.; Aljughaiman, A.; Rahman, M.M.H. Detection of DoS Attacks for IoT in Information-Centric Networks Using Machine Learning: Opportunities, Challenges, and Future Research Directions. Electronics 2024, 13, 1031.
  36. Alhamarneh, R.A.; Mahinderjit Singh, M. Strengthening Internet of Things Security: Surveying Physical Unclonable Functions for Authentication, Communication Protocols, Challenges, and Applications. Appl. Sci. 2024, 14, 1700.
  37. Hossain, M.; Kayas, G.; Hasan, R.; Skjellum, A.; Noor, S.; Islam, S.M.R. A Holistic Analysis of Internet of Things (IoT) Security: Principles, Practices, and New Perspectives. Future Internet 2024, 16, 40.
  38. AlSalem, T.; Almaiah, M.; Lutfi, A. Cybersecurity Risk Analysis in the IoT: A Systematic Review. Electronics 2023, 12, 3958.
  39. Alotaibi, B. A Survey on Industrial Internet of Things Security: Requirements, Attacks, AI-Based Solutions, and Edge Computing Opportunities. Sensors 2023, 23, 7470.
  40. Alahmadi, A.A.; Aljabri, M.; Alhaidari, F.; Alharthi, D.J.; Rayani, G.E.; Marghalani, L.A.; Alotaibi, O.B.; Bajandouh, S.A. DDoS Attack Detection in IoT-Based Networks Using Machine Learning Models: A Survey and Research Directions. Electronics 2023, 12, 3103.
  41. Chui, K.T.; Gupta, B.B.; Liu, J.; Arya, V.; Nedjah, N.; Almomani, A.; Chaurasia, P. A Survey of Internet of Things and Cyber-Physical Systems: Standards, Algorithms, Applications, Security, Challenges, and Future Directions. Information 2023, 14, 388.
  42. Pritika, P.; Shanmugam, B.; Azam, S. Risk Assessment of Heterogeneous IoMT Devices: A Review. Technologies 2023, 11, 31.
  43. Aslan, Ö.; Aktuğ, S.S.; Ozkan-Okay, M.; Yilmaz, A.A.; Akin, E. A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions. Electronics 2023, 12, 1333.
  44. Taherdoost, H. Security and Internet of Things: Benefits, Challenges, and Future Perspectives. Electronics 2023, 12, 1901.
  45. Tariq, U.; Ahmed, I.; Bashir, A.K.; Shaukat, K. A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review. Sensors 2023, 23, 4117.
  46. Sun, P.; Wan, Y.; Wu, Z.; Fang, Z.; Li, Q. A Survey on Privacy and Security Issues in IoT-Based Environments: Technologies, Protection Measures and Future Directions. Comput. Secur. 2025, 148, 104097.
  47. Kumar, S.; Kumar, D.; Dangi, R.; Choudhary, G.; Dragoni, N.; You, I. A Review of Lightweight Security and Privacy for Resource-Constrained IoT Devices. Comput. Mater. Contin. 2024, 78, 31–63.
  48. Chaurasia, N.; Kumar, P. A Comprehensive Study on Issues and Challenges Related to Privacy and Security in IoT. e-Prime—Adv. Electr. Eng. Electron. Energy 2023, 4, 100158.
  49. Narciandi-Rodriguez, D.; Aveleira-Mata, J.; García-Ordás, M.T.; Alfonso-Cendón, J.; Benavides, C.; Alaiz-Moretón, H. A Cybersecurity Review in IoT 5G Networks. Internet Things 2025, 30, 101478.
  50. Bala, B.; Behal, S. AI Techniques for IoT-Based DDoS Attack Detection: Taxonomies, Comprehensive Review and Research Challenges. Comput. Sci. Rev. 2024, 52, 100631.
  51. Kumari, P.; Jain, A.K. A Comprehensive Study of DDoS Attacks over IoT Network and Their Countermeasures. Comput. Secur. 2023, 127, 103096.
  52. Makhdoom, I.; Abolhasan, M.; Franklin, D.; Lipman, J.; Zimmermann, C.; Piccardi, M.; Shariati, N. Detecting Compromised IoT Devices: Existing Techniques, Challenges, and a Way Forward. Comput. Secur. 2023, 132, 103384.
  53. Unpacking IoT Architecture: Layers and Components Explained. Available online: https://deviceauthority.com/unpacking-iot-architecture-layers-and-components-explained/ (accessed on 3 December 2024).
  54. Domínguez-Bolaño, T.; Campos, O.; Barral, V.; Escudero, C.J.; García-Naya, J.A. An Overview of IoT Architectures, Technologies, and Existing Open-Source Projects. Internet Things 2022, 20, 100626.
  55. Rai, S. How to Greatly Improve Battery Power Efficiency for IoT Devices, Analog Devices, Technical Articles, March 6 2023. Available online: https://www.analog.com/en/resources/technical-articles/greatly-improve-battery-power-efficiency-for-iot-devices.html (accessed on 18 January 2025).
  56. Borres, B.; Tenorio, N. How Integrated On/Off Controllers Contribute to Energy Efficient System Designs. Available online: https://www.analog.com/en/resources/analog-dialogue/articles/integrated-on-off-controllers-contribute-to-energy-eff.html (accessed on 1 February 2025).
  57. Rottleuthner, M.; Schmidt, T.C.; Wählisch, M. Dynamic Clock Reconfiguration for the Constrained IoT and Its Application to Energy-Efficient Networking. arXiv 2021, arXiv:2102.10353.
  58. Tkhir, P. 4 Types of IoT Networks: Overview and Use Cases. 2023. Available online: https://euristiq.com/types-of-iot-networks/ (accessed on 18 January 2025).
  59. Alabsi, B.; Anbar, M.; Rihan, S. Conditional Tabular Generative Adversarial Based Intrusion Detection System for Detecting Ddos and Dos Attacks on the Internet of Things Networks. Sensors 2023, 23, 5644.
  60. Mishra, N.; Pandya, S. Internet of Things Applications, Security Challenges, Attacks, Intrusion Detection, and Future Visions: A Systematic Review. IEEE Access 2021, 9, 59353–59377.
  61. Garg, U.; Kumar, S.; Mahanti, A. IMTIBOT: An Intelligent Mitigation Technique for IoT Botnets. Future Internet 2024, 16, 212.
  62. Chen, Z.; Liu, J.; Shen, Y.; Simsek, M.; Kantarci, B.; Mouftah, H.T.; Djukic, P. Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats. ACM Comput. Surv. 2023, 55, 105.
  63. Woodiss-Field, A.; Johnstone, M.N.; Haskell-Dowland, P. Examination of Traditional Botnet Detection on IoT-Based Bots. Sensors 2024, 24, 1027.
  64. Beshah, Y.K.; Abebe, S.L.; Melaku, H.M. Drift Adaptive Online DDoS Attack Detection Framework for IoT System. Electronics 2024, 13, 1004.
  65. Altulaihan, E.; Almaiah, M.A.; Aljughaiman, A. Anomaly Detection IDS for Detecting DoS Attacks in IoT Networks Based on Machine Learning Algorithms. Sensors 2024, 24, 713.
  66. Farraj, A.; Hammad, E. A Physical-Layer Security Cooperative Framework for Mitigating Interference and Eavesdropping Attacks in Internet of Things Environments. Sensors 2024, 24, 5171.
  67. Li, M.; Dou, Z. Active Eavesdropping Detection: A Novel Physical Layer Security in Wireless IoT. EURASIP J. Adv. Signal Process. 2023, 2023, 119.
  68. Kim, M.; Suh, T. Eavesdropping Vulnerability and Countermeasure in Infrared Communication for IoT Devices. Sensors 2021, 21, 8207.
  69. Moubayed, A. A Complete EDA and DL Pipeline for Softwarized 5G Network Intrusion Detection. Future Internet 2024, 16, 331.
  70. Kilichev, D.; Turimov, D.; Kim, W. Next–Generation Intrusion Detection for IoT EVCS: Integrating CNN, LSTM, and GRU Models. Mathematics 2024, 12, 571.
  71. Abdelhamid, S.; Hegazy, I.; Aref, M.; Roushdy, M. Attention-Driven Transfer Learning Model for Improved IoT Intrusion Detection. BDCC 2024, 8, 116.
  72. Chen, J.; Xiao, J.; Xu, J. VGGIncepNet: Enhancing Network Intrusion Detection and Network Security through Non-Image-to-Image Conversion and Deep Learning. Electronics 2024, 13, 3639.
  73. Hu, L.; Zhao, B.; Wang, G. A Network Device Identification Method Based on Packet Temporal Features and Machine Learning. Appl. Sci. 2024, 14, 7954.
  74. Aroon, N.; Liu, V.; Kane, L.; Li, Y.; Tesfamicael, A.D.; McKague, M. An Architecture of Enhanced Profiling Assurance for IoT Networks. Electronics 2024, 13, 2832.
  75. Habibi, O.; Chemmakha, M.; Lazaar, M. Imbalanced Tabular Data Modelization Using CTGAN and Machine Learning to Improve IoT Botnet Attacks Detection. Eng. Appl. Artif. Intell. 2023, 118, 105669.
  76. Alani, M.M. BotStop: Packet-Based Efficient and Explainable IoT Botnet Detection Using Machine Learning. Comput. Commun. 2022, 193, 53–62.
  77. de Caldas Filho, F.L.; Soares, S.C.M.; Oroski, E.; de Oliveira Albuquerque, R.; da Mata, R.Z.A.; de Mendonça, F.L.L.; de Sousa Júnior, R.T. Botnet Detection and Mitigation Model for IoT Networks Using Federated Learning. Sensors 2023, 23, 6305.
  78. Negera, W.G.; Schwenker, F.; Debelee, T.G.; Melaku, H.M.; Feyisa, D.W. Lightweight Model for Botnet Attack Detection in Software Defined Network-Orchestrated IoT. Appl. Sci. 2023, 13, 4699.
  79. Thakkar, A.; Lohiya, R. Attack Classification of Imbalanced Intrusion Data for IoT Network Using Ensemble-Learning-Based Deep Neural Network. IEEE Internet Things J. 2023, 10, 11888–11895. [Google Scholar] [CrossRef]
  80. Yang, C.; Guan, W.; Fang, Z. IoT Botnet Attack Detection Model Based on DBO-Catboost. Appl. Sci. 2023, 13, 7169. [Google Scholar] [CrossRef]
  81. Hossain, M.A.; Islam, M.S. A Novel Hybrid Feature Selection and Ensemble-Based Machine Learning Approach for Botnet Detection. Sci. Rep. 2023, 13, 21207.
  82. He, M.; Huang, Y.; Wang, X.; Wei, P.; Wang, X. A Lightweight and Efficient IoT Intrusion Detection Method Based on Feature Grouping. IEEE Internet Things J. 2024, 11, 2935–2949.
  83. Awajan, A. A Novel Deep Learning-Based Intrusion Detection System for IoT Networks. Computers 2023, 12, 34.
  84. Eghmazi, A.; Ataei, M.; Landry, R.J.; Chevrette, G. Enhancing IoT Data Security: Using the Blockchain to Boost Data Integrity and Privacy. IoT 2024, 5, 20–34.
  85. Khan, B.U.I.; Goh, K.W.; Khan, A.R.; Zuhairi, M.F.; Chaimanee, M. Integrating AI and Blockchain for Enhanced Data Security in IoT-Driven Smart Cities. Processes 2024, 12, 1825.
  86. Wei, P.; Wang, D.; Zhao, Y.; Tyagi, S.K.S.; Kumar, N. Blockchain Data-Based Cloud Data Integrity Protection Mechanism. Future Gener. Comput. Syst. 2020, 102, 902–911.
  87. Jena, S.K.; Barik, R.C.; Priyadarshini, R. A Systematic State-of-Art Review on Digital Identity Challenges with Solutions Using Conjugation of IOT and Blockchain in Healthcare. Internet Things 2024, 25, 101111.
  88. Song, Z.; Yan, E.; Song, J.; Jiang, R.; Yu, Y.; Chen, T. A Blockchain-Based Digital Identity System with Privacy, Controllability, and Auditability. Arab. J. Sci. Eng. 2024.
  89. Xu, H.; Li, Y.; Balogun, O.; Wu, S.; Wang, Y.; Cai, Z. Security Risks Concerns of Generative AI in the IoT. IEEE Internet Things Mag. 2024, 7, 62–67.
  90. Wang, X.; Wan, Z.; Hekmati, A.; Zong, M.; Alam, S.; Zhang, M.; Krishnamachari, B. IoT in the Era of Generative AI: Vision and Challenges. arXiv 2024, arXiv:2401.01923.
  91. Wang, F.; Gai, Y.; Zhang, H. Blockchain User Digital Identity Big Data and Information Security Process Protection Based on Network Trust. J. King Saud. Univ.—Comput. Inf. Sci. 2024, 36, 102031.
  92. Yang, Z.; Liu, Y.; Jin, X.; Luo, X.; Xu, Y.; Li, M.; Chen, P.; Tang, B.; Lin, B. BDIDA-IoT: A Blockchain-Based Decentralized Identity Architecture Enhances the Efficiency of IoT Data Flow. Appl. Sci. 2024, 14, 1807.
  93. Maeng, J.; Heo, Y.; Joe, I. Hyperledger Fabric-Based Lightweight Group Management (H-LGM) for IoT Devices. IEEE Access 2022, 10, 56401–56409.
  94. Mohammed, M.A.; Wahab, H.B.A. Enhancing IoT Data Security with Lightweight Blockchain and Okamoto Uchiyama Homomorphic Encryption. Comput. Model. Eng. Sci. 2024, 138, 1731–1748.
  95. Fan, S.; Wang, J. Multi-Dimension-Precision Chaotic Encryption Mechanism for Internet of Things. Internet Things 2024, 26, 101202.
  96. Jose Diaz Rivera, J.; Muhammad, A.; Song, W.-C. Securing Digital Identity in the Zero Trust Architecture: A Blockchain Approach to Privacy-Focused Multi-Factor Authentication. IEEE Open J. Commun. Soc. 2024, 5, 2792–2814.
  97. Bojič Burgos, J.; Pustišek, M. Decentralized IoT Data Authentication with Signature Aggregation. Sensors 2024, 24, 1037.
  98. Saideh, M.; Jamont, J.-P.; Vercouter, L. Opportunistic Sensor-Based Authentication Factors in and for the Internet of Things. Sensors 2024, 24, 4621.
  99. Munshi, A.; Alshawi, B. Hybrid Encryption Model for Secured Three-Phase Authentication Protocol in IoT. J. Sens. Actuator Netw. 2024, 13, 41.
  100. Tun, N.W.; Mambo, M. Secure PUF-Based Authentication Systems. Sensors 2024, 24, 5295.
  101. Zhang, B.; Zhang, T.; Xi, Z.; Chen, P.; Wei, J.; Liu, Y. Secure Device-to-Device Communication in IoT: Fuzzy Identity from Wireless Channel State Information for Identity-Based Encryption. Electronics 2024, 13, 984.
  102. Wang, J.; Li, J. Blockchain and Access Control Encryption-Empowered IoT Knowledge Sharing for Cloud-Edge Orchestrated Personalized Privacy-Preserving Federated Learning. Appl. Sci. 2024, 14, 1743.
  103. Fenner, J.; Galeas, P.; Escobar, F.; Neira, R. Secure IoT Communication: Implementing a One-Time Pad Protocol with True Random Numbers and Secure Multiparty Sums. Appl. Sci. 2024, 14, 5354.
  104. Höglund, J.; Bouget, S.; Furuhed, M.; Preuß Mattsson, J.; Selander, G.; Raza, S. AutoPKI: Public Key Infrastructure for IoT with Automated Trust Transfer. Int. J. Inf. Secur. 2024, 23, 1859–1875.
  105. El-Hajj, M.; Beune, P. Decentralized Zone-Based PKI: A Lightweight Security Framework for IoT Ecosystems. Information 2024, 15, 304.
  106. Zhang, J.; Ouda, A.; Abu-Rukba, R. Authentication and Key Agreement Protocol in Hybrid Edge–Fog–Cloud Computing Enhanced by 5G Networks. Future Internet 2024, 16, 209.
  107. Baird, I.; Ghaleb, B.; Wadhaj, I.; Russell, G.; Buchanan, W.J. Securing IoT: Mitigating Sybil Flood Attacks with Bloom Filters and Hash Chains. Electronics 2024, 13, 3467.
  108. Zerrouki, F.; Ouchani, S.; Bouarfa, H. PUF-Based Mutual Authentication and Session Key Establishment Protocol for IoT Devices. J. Ambient. Intell. Humaniz. Comput. 2023, 14, 12575–12593.
  109. Nimmy, K.; Sankaran, S.; Achuthan, K. A Novel Lightweight PUF Based Authentication Protocol for IoT without Explicit CRPs in Verifier Database. J. Ambient. Intell. Humaniz. Comput. 2023, 14, 6227–6242.
  110. Ramachandraiah, K.R.D.; Bommagani, N.J.; Jayapal, P.K. Enhancing Healthcare Data Security in IoT Environments Using Blockchain and DCGRU with Twofish Encryption. Inf. Dyn. Appl. 2023, 2, 173–185.
  111. Zhang, S.; Du, X.; Liu, X. A Novel and Quantum-Resistant Handover Authentication Protocol in IoT Environment. Wirel. Netw. 2023, 29, 2873–2890.
  112. Chen, Z.; Cheng, Z.; Luo, W.; Ao, J.; Liu, Y.; Sheng, K.; Chen, L. FSMFA: Efficient Firmware-Secure Multi-Factor Authentication Protocol for IoT Devices. Internet Things 2023, 21, 100685.
  113. Román, R.; Arjona, R.; Baturone, I. A Quantum-Safe Authentication Scheme for IoT Devices Using Homomorphic Encryption and Weak Physical Unclonable Functions with No Helper Data. Internet Things 2024, 28, 101389.
  114. Rehman, M.U.; Shafqiue, A. Robust Encryption Framework for IoT Devices Based on Bit-Plane Extraction, Chaotic Sine Models, and Quantum Operations. Internet Things 2024, 27, 101241.
  115. Hou, J.; Peng, C.; Tan, W. A Lattice-Based Data Sharing Functional Encryption Scheme with HRA Security for IoT. Expert. Syst. Appl. 2024, 254, 124355.
  116. Deng, W.; Li, J.; Yan, H.; Voundi Koe, A.S.; Huang, T.; Wang, J.; Peng, C. Self-Sovereign Identity Management in Ciphertext Policy Attribute Based Encryption for IoT Protocols. J. Inf. Secur. Appl. 2024, 86, 103885.
  117. Gasmi, M.; Kerdoudi, M.L.; Bachir, A. Load-Balanced Attribute-Based Outsourced Encryption for Constrained IoT Devices. Comput. Electr. Eng. 2024, 118, 109424.
  118. Velmurugan, P.; Senthil kumar, K.; Sridhar, S.S.; Gotham, E. An Advanced and Effective Encryption Methodology Used for Modern IoT Security. Mater. Today Proc. 2023, 81, 389–394.
  119. Achkouty, F.; Gallon, L.; Chbeir, R. RDSC: Range-Based Device Spatial Clustering for IoT Networks. Sensors 2024, 24, 5851.
  120. Ehmer, J.; Savaria, Y.; Granado, B.; David, J.-P.; Denoulet, J. Network Attack Classification with a Shallow Neural Network for Internet and Internet of Things (IoT) Traffic. Electronics 2024, 13, 3318.
  121. Canavese, D.; Mannella, L.; Regano, L.; Basile, C. Security at the Edge for Resource-Limited IoT Devices. Sensors 2024, 24, 590.
  122. Singh, C.; Kumar, M.; Upadhyay, M.; Chauhan, P.; Sharma, M. A 6G Network: Future of Nations? Challenges in 6G Communications. Tuijin Jishu/J. Propuls. Technol. 2023, 44, 73–76.
  123. Maduranga, M.W.P.; Tilwari, V.; Rathnayake, R.M.M.R.; Sandamini, C. AI-Enabled 6G Internet of Things: Opportunities, Key Technologies, Challenges, and Future Directions. Telecom 2024, 5, 804–822.
  124. Bakhshi, T.; Ghita, B.; Kuzminykh, I. A Review of IoT Firmware Vulnerabilities and Auditing Techniques. Sensors 2024, 24, 708.
  125. Al Hanif, A.; Ilyas, M. Effective Feature Engineering Framework for Securing MQTT Protocol in IoT Environments. Sensors 2024, 24, 1782.
  126. Long, Z.; Yan, H.; Shen, G.; Zhang, X.; He, H.; Cheng, L. A Transformer-Based Network Intrusion Detection Approach for Cloud Security. J. Cloud Comput. 2024, 13, 5.
  127. Rajan, D.M.; Aravindhar, D.J. Detection and Mitigation of DDOS Attack in SDN Environment Using Hybrid CNN-LSTM. Migr. Lett. 2023, 20, 407–419.
  128. Sarhan, M.; Layeghy, S.; Moustafa, N.; Gallagher, M.; Portmann, M. Feature Extraction for Machine Learning-Based Intrusion Detection in IoT Networks. Digit. Commun. Netw. 2024, 10, 205–216.
  129. Hu, Z. Knowledge Graph Based Large Scale Network Security Threat Detection Techniques. Appl. Math. Nonlinear Sci. 2024, 9.
  130. Oktian, Y.E.; Le, T.-T.-H.; Jo, U.; Laksmono, A.M.A.; Kim, H. Secure Decentralized Firmware Update Delivery Service for Internet of Things. Internet Things 2024, 26, 101136.
  131. Nguyen, H.D.; Le Sommer, N.; Mahéo, Y. Over-the-Air Firmware Update in LoRaWAN Networks: A New Module-Based Approach. Procedia Comput. Sci. 2024, 241, 154–161.
  132. Cheng, Y.; Yang, S.; Lang, Z.; Shi, Z.; Sun, L. VERI: A Large-Scale Open-Source Components Vulnerability Detection in IoT Firmware. Comput. Secur. 2023, 126, 103068.
  133. Verderame, L.; Ruggia, A.; Merlo, A. PARIOT: Anti-Repackaging for IoT Firmware Integrity. J. Netw. Comput. Appl. 2023, 217, 103699.
  134. Kaushik, K.; Bhardwaj, A.; Dahiya, S. Framework to Analyze and Exploit the Smart Home IoT Firmware. Meas. Sens. 2025, 37, 101406.
  135. Xu, J.; Zhaojun, X.; Wenli, Y.; Hu, W.; Cabani, A.; Xinrong, H. An Intelligent Mechanism for Dynamic Spectrum Sharing in 5G IoT Networks. Expert Syst. Appl. 2024, 252, 124122.
  136. Alkhaldi, T.M.; Darem, A.A.; Alhashmi, A.A.; Al-Hadhrami, T.; Osman, A.E. Enhancing Smart City IoT Communication: A Two-Layer NOMA-Based Network with Caching Mechanisms and Optimized Resource Allocation. Comput. Netw. 2024, 255, 110857.
  137. Ortiz-Ruiz, E.; Bermejo, J.R.; Sicilia, J.A.; Bermejo, J. Machine Learning Techniques for Cyberattack Prevention in IoT Systems: A Comparative Perspective of Cybersecurity and Cyberdefense in Colombia. Electronics 2024, 13, 824.
  138. Valencia-Arias, A.; González-Ruiz, J.D.; Verde Flores, L.; Vega-Mori, L.; Rodríguez-Correa, P.; Sánchez Santos, G. Machine Learning and Blockchain: A Bibliometric Study on Security and Privacy. Information 2024, 15, 65.
  139. El-Sofany, H.; El-Seoud, S.A.; Karam, O.H.; Bouallegue, B. Using Machine Learning Algorithms to Enhance IoT System Security. Sci. Rep. 2024, 14, 12077.
  140. Priyadarshini, I. Anomaly Detection of IoT Cyberattacks in Smart Cities Using Federated Learning and Split Learning. Big Data Cogn. Comput. 2024, 8, 21.
  141. Alrubayyi, H.; Alshareef, M.S.; Nadeem, Z.; Abdelmoniem, A.M.; Jaber, M. Security Threats and Promising Solutions Arising from the Intersection of AI and IoT: A Study of IoMT and IoET Applications. Future Internet 2024, 16, 85.
  142. Tekin, N.; Acar, A.; Aris, A.; Uluagac, A.S.; Gungor, V.C. Energy Consumption of On-Device Machine Learning Models for IoT Intrusion Detection. Internet Things 2023, 21, 100670.
  143. Coppolino, L.; D’Antonio, S.; Mazzeo, G.; Uccello, F. The Good, the Bad, and the Algorithm: The Impact of Generative AI on Cybersecurity. Neurocomputing 2025, 623, 129406.
  144. Xie, H.; Zheng, J.; He, T.; Wei, S.; Hu, C. TEBDS: A Trusted Execution Environment-and-Blockchain-Supported IoT Data Sharing System. Future Gener. Comput. Syst. 2023, 140, 321–330.
  145. Kandasamy, K.; Srinivas, S.; Achuthan, K.; Rangan, V.P. IoT Cyber Risk: A Holistic Analysis of Cyber Risk Assessment Frameworks, Risk Vectors, and Risk Ranking Process. EURASIP J. Inf. Secur. 2020, 2020, 8.
  146. Parsons, E.K.; Panaousis, E.; Loukas, G.; Sakellari, G. A Survey on Cyber Risk Management for the Internet of Things. Appl. Sci. 2023, 13, 9032.
  147. Affia, A.O.; Nolte, A.; Matulevičius, R. IoT Security Risk Management: A Framework and Teaching Approach. Inform. Educ. 2023, 22, 555–588.
  148. Popescu, T.; Popescu, A.; Prostean, G. IoT Security Risk Management Strategy Reference Model (IoTSRM2). Future Internet 2021, 13, 148.
  149. Shaffique, M.R. Cyber Resilience Act 2022: A Silver Bullet for Cybersecurity of IoT Devices or a Shot in the Dark? Comput. Law Secur. Rev. 2024, 54, 106009.
  150. Czekster, R.M.; Webber, T.; Furstenau, L.B.; Marcon, C. Dynamic Risk Assessment Approach for Analysing Cyber Security Events in Medical IoT Networks. Internet Things 2025, 29, 101437.
  151. Halgamuge, M.N.; Niyato, D. Adaptive Edge Security Framework for Dynamic IoT Security Policies in Diverse Environments. Comput. Secur. 2025, 148, 104128.
  152. Beyrouti, M.; Lounis, A.; Lussier, B.; Bouabdallah, A.; Samhat, A.E. Vulnerability-Oriented Risk Identification Framework for IoT Risk Assessment. Internet Things 2024, 27, 101333.
Figure 1. Estimated IoT-connected devices (in billions) in the past 10 years [2].
Figure 2. Estimated annual number of IoT malware attacks (in millions) 2018–2022 [14].
Figure 3. Three-layered IoT system architecture [35].
Figure 4. PRISMA Flow—the selection procedure.
Figure 5. Number of articles by sources.
Figure 6. Articles from MDPI by journals.
Figure 7. DDoS attack by botnets.
Figure 8. Emergent technologies: research interest trends.
Figure 9. Heatmap depicting the prevalence of Emergent Technologies across identified categories (red—0% prevalence, yellow—below 20% prevalence, green and its varying shades represent prevalence above 20%, with darker shades signifying higher prevalence).
Figure 10. Articles classified by identified categories.
Table 1. Significant IoT-related attacks 2015–2024.

| Year | Attack | Targeted IoT Domain | Process Description | Impact |
|---|---|---|---|---|
| 2015 | Jeep Cherokee Hack [3,4] | Automotive IoT | Security researchers remotely controlled a Jeep via its IoT-connected systems. | Chrysler recalled 1.4M vehicles for security upgrades. |
| 2016 | Mirai Botnet Attack [4] | IoT Consumer Devices | Malware infected IoT devices like routers and cameras, creating a massive botnet. | Major websites disrupted; large-scale DDoS attacks. |
| 2017 | WannaCry Ransomware [5] | Industrial IoT | Exploited unpatched systems in IoT-connected healthcare devices and networks. | $4 billion in damages globally; disrupted hospitals and critical infrastructure. |
| 2018 | Casino IoT Thermometer Hack [6] | Smart Aquarium | Attackers used an IoT-connected thermometer to access a casino’s high-roller database. | Sensitive customer data stolen; significant reputational damage. |
| 2019 | Ring Doorbell Hacks [7] | Consumer IoT Devices | Hackers accessed poorly secured Ring IoT cameras, spying on and harassing users. | Privacy violations; public outcry over security flaws. |
| 2020 | Garmin Ransomware Attack [8] | IoT Fitness Devices | Ransomware disabled Garmin’s IoT-connected services, including aviation and fitness. | Multi-day outage; $10M ransom reportedly paid. |
| 2021 | Colonial Pipeline Ransomware [9] | Energy Infrastructure | Hackers exploited compromised credentials to access pipeline’s IoT-linked systems. | Shutdown of pipeline; $4.4M ransom paid; fuel shortages. |
| 2021 | Verkada Camera Hack [10,11] | IoT Surveillance Cameras | Attackers accessed 150,000 IoT cameras due to exposed admin credentials. | Exposure of videos from Tesla, hospitals, and jails. |
| 2023 | Oldsmar Water Treatment Attack [12] | Public Utilities | Hackers attempted to change chemical levels in drinking water via IoT SCADA systems. | Potential public health threat; system restored quickly. |
| 2023–2024 | MOVEit Data Breach [13] | Managed File Transfer Tool | Exploitation of a zero-day vulnerability in IoT-adjacent systems. | Data of millions exposed; over $100M in regulatory fines/penalties. |
Table 2. Comparative analysis of recent IoT security review papers, categorized by key security focus areas.
Review | Attack Detection | Data Management and Protection | Securing Identity Management | Communication and Networking | Emerging Technologies | Risk Management | Domain
Our Work
[22]-partially-General
[23]----General
[24]---General
[25]---partially-Consumer
[26]----Smart Homes
[27]---partially-General
[28]---partially-General
[29]----Smart cities
[30]---partially-General
[31]----General
[32]---partially-General
[33]---partially-General
[34]---partially-General
[35]---partially-ICN-IoT
[36]----General
[37]partially-General
[38]--partially-General
[39]--partially-IIoT
[40]---partially-General
[41]---partially-General
[42]-----IoMT
[43]--General
[44]---General
[45]----General
[46]-partially-General
[47]----Resource-constrained
[48]-----General
[49]-----General
[50]partially-General
[51]---partially-General
[52]----General
√ indicates the presence of a discussion about the category. - denotes the absence of a discussion.
Table 3. Category identification and targeted issues.

| Categories | Related Challenges | Targeted Issues | References |
|---|---|---|---|
| Attack detection | Increasing number of cyberattacks on IoT devices, difficulty in detecting attacks in real time. | Intrusion and anomaly detection; DDoS attacks; Eavesdropping attacks; Concept drift detection and adaptation; Botnet detection; Cyberattacks | [35,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83] |
| Data management and protection | Vulnerabilities in the storage and transfer of sensitive data, privacy risks. | Data security; Data privacy; Digital Identity and Identity-based encryption; Generative AI | [84,85,86,87,88,89,90,91,92,93,94,95] |
| Securing identity management | Authentication of users and devices, management of unauthorised access. | Device identification; Authorization | [73,85,87,88,91,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118] |
| Communication and Networking | Security of communications between IoT devices, risks associated with open networks. | Network security; Firmware; 5G and 6G networks | [62,72,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136] |
| Emergent technologies | Integrating emerging technologies into IoT security solutions. | Machine learning; Blockchain; Artificial intelligence; Edge Computing; Fog Computing | [35,59,61,62,63,64,65,69,70,71,72,73,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,96,102,110,119,120,121,123,127,128,129,130,132,137,138,139,140,141,142,143,144] |
| Risk management | Identify, address, and mitigate potential risks associated with security and privacy in IoT. | Risk management frameworks | [145,146,147,148,149,150,151,152] |
Table 4. Key challenges and solutions in attack detection.

| Challenge | Related Challenges | Key Threats | Solutions | References |
|---|---|---|---|---|
| Anomaly detection in IoT | Managing data diversity and scalability in the IoT ecosystem | Limited scalability and resilience in detecting cyberattacks | Integration of ML techniques such as Incremental Learning, Transfer Learning, and Deep Learning to obtain scalable and adaptable models able to handle concept drift | [60,69,70,71,83] |
| Detection and Prevention of DDoS and Botnet attacks | Response time optimisation, limited computational resources of devices | Continuous evolution of DDoS, Botnet attacks, and inability of the system to adapt in real time | Using ML techniques to improve response time, system adaptability, and network traffic classification | [35,59,61,62,63,64,65,72,73,75,76,77,78,80,81,82] |
| Anomaly detection efficiency | High number of false alarms, balancing detection accuracy and resource consumption | High resource consumption required by traditional detection systems | Use of ML methods for intrusion detection, collaborative systems for effort sharing; Selection of the right architecture | [61,66,71,74,79] |
| Eavesdropping attack detection | Unauthorised interception of communication signal, difficulty of detection in low signal-to-noise ratio environments | Balancing the effectiveness of signal disruption for malicious devices without degradation of quality for legitimate users, detection of interception when signal is weak | Introducing intentional signal perturbations to disrupt eavesdroppers; Backpropagation neural network model specifically designed for detecting eavesdropping attacks in low SNR scenarios; Signal encryption or modulation techniques to protect against unauthorised interception | [66,67,68] |
Table 5. Key challenges and solutions in data management and protection.

| Challenge | Related Challenges | Key Threats | Solutions | References |
|---|---|---|---|---|
| Data Privacy and Security | Ensuring data integrity and secure storage on decentralised networks and in the Cloud | Data access by unauthorised entities and attacks on data integrity | Blockchain-based frameworks (Hyperledger Fabric), decentralised data management, encrypted data structures, and federated learning to ensure data privacy by preventing unauthorised access | [84,85,86,92,93,94,95] |
| Securing Digital Identity | Mitigating unauthorised access and maintaining accurate lifecycle management of identities | Handling a large number of transactions and identity verifications efficiently in a decentralised system, protecting against brute-force and advanced cryptographic attacks, ensuring encryption mechanisms are robust and dynamic | Separation of identity verification and credential issuance; Linkable ring signatures, smart contracts, encrypted SSL-VPN channels; Robust security classifications and access controls | [87,88,91] |
| Data privacy and integrity in context of Generative AI technologies | Protecting sensitive data across distributed systems while balancing security, computational efficiency, and privacy during AI model training, aggregation, and inference | Data breaches, unauthorised access, exploitation of sensitive user inputs, and privacy leakage during Federated Learning model aggregation | Employing encryption, anonymization, and multi-level security mechanisms; Using Trusted Execution Environments to protect data inputs during model inference | [89,90] |
Table 6. Key challenges and solutions in securing identity management.

| Challenge | Related Challenges | Key Threats | Solutions | References |
|---|---|---|---|---|
| Device identification | Device identification management | Unauthorised access, data breaches, instability of wireless channels, single points of failure, identity privacy vulnerabilities, and insufficient protection in IoT and blockchain-based identity systems | Blockchain and Edge Computing based multilevel frameworks; Cryptographic techniques like zero-knowledge proofs, AES, ring signatures, distributed authentication mechanisms, and secure data-sharing protocols; Device identification using time series; Physically Unclonable Functions with Fuzzy Extractors; Geometric threshold secret-sharing in PUFs; Firmware-Secure Multi-Factor Authentication; Zero-trust digital identity model | [73,87,88,91,96,100,101,102,107,108,109,110,112,113,118] |
| Authentication | Securing credentials in low-resource environments | Increased vulnerability due to limited resources in the authentication context | Using Ethereum Layer 2 roll-ups; mutual authentication, decentralised PKI, one-time pad encryption, sensor-based verification, ECC-AES encryption, and automated IoT trust transfer; Lattice cipher NTRU based protocol; Lattice-based proxy re-encryption (ACPRE) with dual access policies; Quantum-enhanced encryption frameworks | [85,97,98,99,103,104,105,106,111,114,115,116,117] |
Table 7. Key challenges and solutions in communication and networking.

| Challenge | Related Challenges | Key Threats | Solutions | References |
|---|---|---|---|---|
| Firmware security | Ensuring firmware security in context of diverse IoT device ecosystems | Firmware vulnerabilities leading to unauthorised access, data breaches, and exploitation by attackers through unpatched or outdated software. | Developing IoT security standards, leveraging emerging technologies for adaptive solutions, employing reverse engineering for firmware analysis, and implementing hybrid frameworks for unified security approaches; Blockchain-based decentralized firmware update mechanism; Large-scale vulnerability detection system; Self-protecting anti-tampering firmware scheme | [124,130,131,132,133,134] |
| Network Scalability and Load Balancing | Dealing with the diversity of connected device types and resource requirements; Optimise resource allocation | Scalability with increasing devices connected to the system, impacting load management and resource utilisation | Grouping devices based on capacity and coverage; Load balancing optimisation protocols; Dynamic feature selection for efficient data processing | [72,119,120,121,125,126,127,128,129,136] |
| Integrating 6G in IoT | Managing high-speed data transfer, spectrum allocation, and latency requirements | Spectrum availability and security issues in 6G applications | Dynamic spectrum-sharing, AI and blockchain integration for secure 6G applications and protocol development for real-time response in 6G networks in IoT systems | [72,122,123,135] |
Table 8. Key challenges and solutions in risk management.

| Challenge | Related Challenges | Key Threats | Solutions | References |
|---|---|---|---|---|
| Lack of standardisation in risk management approach | Identifying threats and managing vulnerabilities, ensuring resilience in compliance with data protection standards | Balancing security constraints and devices; Performing real-time updates; Complying with GDPR and IoT-specific regulations while maintaining system functionality | Creating risk assessment models; Threat modelling; Using ML for real-time risk assessment; Compliance-oriented frameworks; IOTA-SRM framework for risk management; Lightweight dynamic risk assessment using scenario-based simulations; Adaptive edge security framework; Regulatory approaches such as the Cyber Resilience Act | [145,146,147,148,149,150,151,152] |
Table 9. Challenges of learning methods implementation in real-world systems.

| Learning Method | Challenges |
|---|---|
| Transfer Learning | Requires closely related source and target domains; Model performance degrades if knowledge from the source is conflicting or not relevant to the target domain; Could inherit vulnerabilities from the source domain; Improper adjustment may lead to loss of generalization capabilities; Adjusting the target involves high computational and memory costs; The right source model must be selected so as not to waste computational resources. |
| Incremental Learning | Not suitable for systems with large amounts of data because forgetting issues may arise when new data is included; Could involve accidental model drift that degrades model performance; Unexpected domain changes lead to instability; Use in resource-constrained environments leads to suboptimal updates. |
| Deep Learning | Vulnerable to adversarial attacks that alter predictions; Difficulties with distribution shift between training and real-world data; Needs a large amount of labeled training data; Failures on edge cases; Training involves substantial computational resources. |
| Federated Learning | Learning from non-IID device-generated data leads to poor generalization; Model poisoning caused by an infected device; Adversarial attacks targeting local or global data; Data synchronization issues because of the different speeds of the connected devices; Computational limitations lead to incorrect model updates. |
Table 10. Discussion section key points summarized.

| Focus point | Summary | Number of Articles |
|---|---|---|
| Most Addressed Categories | The most studied areas are Emergent Technologies, Attack Detection, and Securing Identity Management, highlighting their significance in IoT security. Risk Management is the least explored | 51 (Emergent Technologies), 26 (Attack Detection), 28 (Identity Management), 8 (Risk Management) |
| Emergent Technologies Adoption | Widely used for attack detection, anomaly detection, and secure identity management. ML, Blockchain, and AI are the most discussed | 51 |
| Challenges of Emergent Technologies | Vulnerabilities and resource constraints inherent to IoT devices, training artificial intelligence and machine learning models requires substantial computational resources, and regulatory issues and ethical dilemmas arise | - |
| Identity Protection | Focuses on preventing unauthorized access and credential theft through multi-factor authentication, access controls, and blockchain-based identity management. Future directions suggest biometric authentication with AI for enhanced security | 28 |
| Attack Detection | Highlights the need for real-time monitoring, fast response times, and adaptability to evolving threats. ML-based approaches improve accuracy but face issues with concept drift, false alarms, and resource limitations. | 26 |
| Secure Communication and Networking | Protocols tailored for 5G and 6G networks, along with AI integration, are proposed to enhance data flow reliability. Addresses challenges from diverse connected devices and spectrum allocation, proposing solutions like grouping devices by capacity and coverage, dynamic spectrum sharing, and IoT security standards | 20 |
| Data Security | Encryption, backup strategies, and compliance with data protection regulations are emphasized to prevent breaches. Post-quantum cryptography is identified as a growing area of concern. | 12 |
| Risk Management | Building robust cybersecurity methodologies for IoT systems, incorporating ML and AI for dynamic rule adaptation and identification of latent risks. Emphasizes the need for standardization, proposing compliance-oriented frameworks, threat modelling techniques, and risk assessment models | 8 |
| Regulatory Framework | Highlights the need for global standards to govern IoT security. Future efforts should focus on AI governance, blockchain compliance, and adaptive regulations to keep up with evolving threats. | - |
Table 11. Future research directions in IoT security.

| Category | Future Directions |
|---|---|
| Attack detection | Develop AI and ML-based techniques to improve real-time anomaly detection and threat prediction; Securing smart home systems with weak credentials |
| Data management and protection | Integrating blockchain and privacy-preserving techniques |
| Securing identity management | Decentralized identity solutions and advanced authentication mechanisms |
| Communication and Networking | Quantum-resistant cryptography; Interference mitigation strategies in dynamic spectrum sharing |
| Emergent technologies | Optimise resource management using AI and ML |
| Risk management | Investigate secure fallback strategies; International standards and regulatory framework development |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
