Review

Defense and Security Mechanisms in the Internet of Things: A Review

by Sabina Szymoniak 1,*,†, Jacek Piątkowski 1,† and Mirosław Kurkowski 2,‡

1 Department of Computer Science, Czestochowa University of Technology, 42-201 Częstochowa, Poland
2 Institute of Computer Science, Cardinal St. Wyszynski University, 01-815 Warsaw, Poland
* Author to whom correspondence should be addressed.
† These authors contributed equally to this work.
‡ Prof. Kurkowski contributed significantly to this work. We dedicate this article to his memory.
Appl. Sci. 2025, 15(2), 499; https://doi.org/10.3390/app15020499
Submission received: 5 December 2024 / Revised: 3 January 2025 / Accepted: 5 January 2025 / Published: 7 January 2025
(This article belongs to the Section Electrical, Electronics and Communications Engineering)

Abstract
The Internet of Things (IoT) transforms traditional technology by introducing smart devices into almost every field, enabling real-time monitoring and automation. Despite the obvious benefits, the rapid deployment of IoT presents numerous security challenges, including vulnerability to network attacks and communication protocol weaknesses. While several surveys have addressed these aspects, there remains a lack of understanding of integrating all potential defense mechanisms, such as intrusion detection systems (IDSs), anomaly detection frameworks, and authentication protocols, into a comprehensive security framework. To overcome this, the following survey aims to critically review existing security mechanisms in IoT environments and significantly fill these gaps. In particular, this paper reviews state-of-the-art approaches for intrusion detection, key agreement protocols, and anomaly detection systems, pointing out their advantages and disadvantages and identifying the gaps in each field requiring more research. We identify innovative strategies by systematically analysing existing approaches and propose a roadmap for enhancing IoT security. This work contributes to the field by offering a fresh perspective on defense mechanisms and delivering actionable insights for researchers and practitioners securing IoT ecosystems.

1. Introduction

Smart devices have become a part of our daily life. Some examples include intelligent light bulbs, motion sensors, cameras, and vacuum cleaners in smart home devices. This is because, through them, we can manage and control the various aspects of our homes in real time from a remote location. Smart devices can also improve efficiency and quality of life in smart cities (for example, intelligent street lighting, traffic, or waste management systems). In industry, intelligent devices help monitor and optimise production processes and automate production lines. Health care (such as heart rhythm control), agriculture (such as soil moisture monitoring), the transport sector, sports, and security can also utilise these devices. Smart devices can function independently or receive remote control and monitoring. These devices can also perform specific actions without human intervention [1,2,3,4].
The Internet of Things (IoT) denotes a worldwide network of interconnecting devices capable of collecting data from the environment, analysing the aggregated information, and reacting accordingly based on autonomous or human-directed commands. Through vast arrays of sensors and actuators amalgamated into one coordinated system, IoT technologies will continue to drive innovation in how we interact with appliances, vehicles, infrastructure, and more. IoT integrates the physical world with the Internet, creating more effective, intelligent, and innovative solutions. This connection to the network enables everyday objects, industrial machines, and the entire urban infrastructure to become more intelligent and unlock additional possibilities. IoT creates a coherent system that enhances the capabilities of participating entities and introduces network intelligence to facilitate decision-making and easy data exchange [5,6].
The use of smart devices has its advantages and disadvantages. First, these devices can be designed to perceive their working environment, gather information, and carry out particular tasks depending on particular circumstances [7,8]. For instance, in the context of intelligent vehicles, we can enhance the protection of road users (pedestrians, cyclists, drivers) through the monitoring of their well-being as well as the vehicle itself [9,10].
Conversely, using smart devices may engender issues related to technology or security. Establishing networks that connect such devices frequently necessitates the development of an infrastructure that integrates several technologies. Issues emerge with device interoperability, restricted processing and storage capacities, or Internet connectivity [7]. These challenges may pertain to communication security, users, and data. Communication between IoT devices can be facilitated by employing a wireless network that serves users operating within a specific building, utilising a local wireless network with Internet connectivity, or establishing Internet connections that enable each device to access the Internet. Network administrators must guarantee communication security between devices and users and the integrity of sent and processed data in each specified solution [11].
Threats to internet access include hacking of users, devices, data, and complete computer systems and networks. Many protective countermeasures are also possible in IoT to prevent cyber-attacks [12,13]. We can categorise several forms of attacks. For example, in a sensor node/IoT device-based capture attack, the attacker gains control over the device to control the network. He then separately withdraws the node from the network and replaces it as a malicious node [14,15,16]. In an impersonation attack, the attacker abuses the identities of different network entities, including a user, a server, and an IoT device [17,18]. In a guessing assault, the assailant attempts to deduce the user’s password or other authentication credentials [19]. In a significant compromise impersonation attack [20], the adversary leverages the client’s certificate on its device to become the client.
We can approach defense and security mechanisms in IoT environments from two perspectives. The first perspective is connected with the primary goal of these mechanisms, which is to protect against network attacks (defense mechanisms). Some more significant tools incorporate these methods, such as the Intrusion Detection System (IDS) or Intrusion Prevention System (IPS). IDS and IPS are high-end security measures to prevent different kinds of threats. An IDS is a device that analyses the network traffic and searches for any abnormal behaviour that could indicate an attack. The IDS system notifies administrators about the incident when it detects a potential threat. However, it does not take any automatic action to stop the attack. IPS, on the other hand, works similarly to IDS. Still, in addition to detecting threats, it can also take steps to block them, such as blocking network packets, resetting connections, or deactivating infected user accounts. IPS offers preventive measures and reactions at the moment. This is very important in preventing threats from becoming bigger [21,22,23].
From the second perspective, we can also look at different techniques that can be used to safeguard users, devices, data, or even networks, referred to as security mechanisms. In this category of security mechanisms, communication security protocols implement various cryptographic methods such as encryption, anonymisation, or hashing for the messages to be exchanged. Thus, they are considered the primary security mechanism in IoT systems [24,25,26].

1.1. Motivations and Contributions

Technology is a part of our life. We utilise a range of sophisticated technologies that primarily enhance our daily lives while facilitating the transfer of substantial volumes of data. Frequently, the transmitted communications include confidential information about users’ devices. Thus, data protection is an essential part of intelligent systems’ functioning. Users require the endorsement of safety while using technical facilities, thereby ensuring the protection of human life in the real and virtual world.
Malicious users in IoT environments expose several stages of the communication process to security vulnerabilities. For instance, these users attempt to intercept data and subsequently exploit it. As IoT technology moves forward, so do the methods used to attack it. We must keep reviewing and updating our defense and security measures regularly. Appropriately chosen methods will undoubtedly enhance the security level of connected devices. Thus, this review provides an overview of existing defense and security mechanisms in IoT environments, including Intrusion Detection Systems and Intrusion Prevention Systems and security protocols ensuring data security.
How defense and security systems work in IoT can give readers insight into the latest theory and real-world application developments. In this section, we will shed light on the security problems and weak points IoT devices face when they are part of these networks. We will also discuss the security levels of IDSs, IPSs, and security protocols used in IoTs. We will also focus on the challenges and needs of the newly developed defense mechanisms.
The main points of this article are as follows:
  • This paper provides a detailed analysis of the current state of defense and security of the IoT, focusing on protocols and systems such as IDSs, IPSs, and secure communication protocols.
  • This paper also outlines the vulnerabilities of the IoT communication mechanisms and the risks of data interception and misuse by adversaries. It highlights the stages where such vulnerabilities are most likely to occur.
  • This paper also seeks to explain how cyber-attacks have advanced with the advancement in technology in the area of IoT. Therefore, there is a need to develop and look at the security measures in light of the current technology.
  • This paper analyses the efficiency of IDS, IPS, and security protocols to understand the efforts made towards enhancing data protection and the IoT system.
  • This article aims at discussing the challenges that would be encountered when implementing security in IoT. The article addresses the practical challenges and requirements for implementing modern defense systems, considering the limitations and prerequisites of recently developed IoT security solutions.
  • The article provides a balanced perspective for academic researchers and practitioners in the field by bridging the gap between theoretical insights and practical applications of IoT security.
  • The article emphasises the need for regular updates on defense mechanisms and points out future research opportunities, encouraging ongoing advancements in IoT security.
This research paper presents a deep and thorough survey of IoT security and defensive mechanisms by providing an integrated taxonomy of how security protocols integrate with anomaly detection systems. In contrast to all earlier reviews, this library-focused work gives pertinent detail about the functionality of such mechanisms in real-world IoT scenarios, including strengths and weaknesses.
This study innovatively contributes a detailed analysis of interdependencies among various attacks and defense approaches. This topic has not been previously covered in reviews. Another aspect of this paper is the emerging concerns in IoT security, like scalability, energy efficiency, and privacy, with possible actionable solutions, such as lightweight protocols and AI-based anomaly detection.

1.2. Methodology

The requirements of systematic literature reviews motivated us to establish a systematic review of the security mechanisms in IoT. First, we identified relevant keywords and phrases, such as “IoT security”, “authentication protocols”, “anomaly detection”, and “cyber-attacks”, to search across various academic databases (mainly Google Scholar, DBLP, IEEE Xplore). Inclusion criteria target articles published in the last decade, emphasising peer-reviewed papers and high-impact journals.
To this end, we adopted a snowball sampling technique, studying the citations and references in the selected articles to complement our dataset. We thoroughly read all the publications to understand the proposed mechanisms, their application in IoT scenarios, and their performance under various conditions. This approach helped us collect the best contributions to IoT security and defense while reducing duplication.
The review was carried out at four levels: (1) identification of relevant literature, (2) a preliminary screening of title and abstract texts, (3) a detailed evaluation of entire texts, and (4) synthesis of findings into thematic categories. By building a solid scientific framework piece by piece, readers from various fields can comprehend recent trends and challenges on the Internet of Things, just as they would in their research areas.

1.3. Organization

Apart from Section 1, this article consists of six sections. Some examples of authoring practices over the past few years will be provided in Section 2, where we will critically evaluate the retrieved literature’s strengths and weaknesses. Section 3 provides a detailed and comprehensive analysis of the essential methods concerning the security of IoT systems, such as the basic theory of protecting this technology, the principles of cryptography, the most common cyber-attacks on IoT-based networks, and the countermeasures employed for event processing and anomaly detection. Section 4 overviews a suite of security mechanisms for IoT systems, focusing on authentication and key agreement protocols. We also provide an in-depth analysis of the defense schemes, which are tailor-designed for the IoT, highlighting their strengths and weaknesses. Section 5 overviews existing defense mechanisms dedicated to IoT environments (IDSs, anomaly and cyber-attack detection systems, and malware detection systems). In Section 6, the synthesis of our findings presents a comprehensive examination and framework for future study in IoT security. Lastly, Section 7 summarises this manuscript, including conclusions from the analyses carried out and plans for the future.

2. Literature Survey

The latest scientific articles connected with IoT security consider these issues differently. Table 1 summarises the latest reviews in this scope, including their contributions, advantages, and limitations.
For example, the existing reviews such as [34,35,37] review topics related to IoT security such as network vulnerabilities, intrusion detection systems, and data security concerns. Although the prior research offers important findings, it often focusses on specific mechanisms or types of attacks. On the other hand, our survey organises these mechanisms under one umbrella, which links cryptographic protocols, IDSs, and anomaly detection techniques to applications for IoT. We also map protocol to attack and protocol to dataset, making our results more relevant to the IoT environment.
The reviews above are informative; nonetheless, they emphasise specific themes of IoT security, networks, or technologies like blockchain or machine learning. On the other hand, the current survey aims to integrate these mechanisms into a common framework and connect cryptographic protocols, IDSs, and anomaly detection systems. In addition, this study focuses on real-world applicability and provides a systematic mapping of protocols, attacks, and datasets for improving real-world IoT systems. This, therefore, provides a proper perspective on how theoretical knowledge can be applied to address the practical challenges of IoT security; however, there is a need to consider the dynamic nature of threats.

3. Materials and Methods

This part of the paper focuses on analysing the security procedures in IoT systems and the significant role of cryptography and the blockchain in protecting such systems. Since Internet of Things devices have already or will eventually be part of people’s daily lives, addressing the security issue of these devices and data is crucial. This section deals with the theoretical side of IoT security, which will guide us to those cryptographical means whereby the communication in IoT networks is protected, including encryption, hash functions, and digital signatures. One efficient method to manage data is using blockchain technology, which can improve IoT security and become reliable in monitoring data integrity and decentralisation. In addition, we examine the hacks that have been made against IoT devices and the ways through which these threats can be identified and prevented. These basic concepts are crucial in developing and implementing secure IoT systems in various areas, including healthcare and industrial automation.
IoT applications are diverse and can be found in various sectors such as healthcare, home, industry, and agriculture. The following subsections illustrate that each domain has security risks that require developing specific secure platforms and protocols. The information presented in Table 2 includes a list of platforms used in the IoT environments that can be used to integrate security and defense mechanisms.
The Internet of Things is a concept in which physical devices are connected to the Internet, allowing them to collect, exchange, and analyse data. These devices can communicate with each other, other systems, or the user. In IoT, devices often have built-in sensors and software that allow them to process data. IoT applications cover a wide spectrum. Some typical applications are smart homes, where devices such as refrigerators, thermostats, or light bulbs can be controlled using mobile applications or health monitoring systems that automatically send data to a doctor [44,45,46]. The diversity of these applications is presented as a word cloud in Figure 1, highlighting the scale and varied impact of IoT technologies.
This paper considers that the aspect of communication in IoT is significant because of the interconnectedness of devices. It consists of several protocols and technologies depending on the application type and the requirements. The security of communication in IoT environments is achieved through the implementation of various cryptographic protocols as outlined in [1].

3.1. Encryption and Cryptographic Mechanisms

Cryptography is the process of developing mechanisms and techniques that help in enhancing the level of security of communication as well as data integrity [47,48,49]. Among the cryptographic mechanisms, we can indicate the following:
  • Encryption (symmetric or asymmetric) [48,50,51,52]—processing plain text using mathematical techniques into a secret text that can only be read by those who know the appropriate key (for example, AES [53], RSA [54]).
  • Hash functions [55,56]—a function that assigns a short value of fixed size to an arbitrarily large number (for example, SHA-256 [57], bcrypt [58]).
  • Digital signature algorithms—generating digital signatures that ensure the integrity and authentication of the sender (for example, Elliptic Curve Digital Signature Algorithm [59]).
Each of these techniques is widely used during communication via security protocols. A security protocol is simply a recipe that defines a sequence of steps that must be followed to conduct secure communication. It has a set of rules defining how devices in a computer network should communicate securely. There are a few main reasons for adopting security protocols. First, the data are encrypted thanks to protocols, i.e., converted into an unreadable code only authorised people can read. Second, protocols allow us to ensure that we communicate with the right person or device and not with an imposter. And finally, thanks to protocols, we can be sure that the transmitted data have not been changed during its journey through the network. This translates into the objectives that security protocols achieve: they can involve one side or mutual authentication among the parties engaged in communication. Maintaining the confidentiality of transmitted information is crucial; however, it also ensures the data’s integrity. Additionally, distributing the session key is essential for secure interactions. Although these elements are distinct, they collectively contribute to a robust security framework because they address various aspects of data protection. Security protocols can accomplish one or more goals, depending on what they were designed for. Security protocols designed for IoT systems also accomplish other tasks because they are usually dedicated to specific applications of the systems [1,60]. The security protocols achieve these goals using such cryptographic methods as blockchain [61], chaotic maps [62], visual cryptography [63], Physically Unclonable Functions (PUFs) [64], fuzzy extraction technology [65], hash functions and bitwise XOR operations, Elliptic Curve Cryptography (ECC) [66,67], Computational Diffie–Hellman [68], and the Schnorr signature protocol [69].
Once the necessity for security in IoT systems is addressed, the next step is to include the CIA triad into such systems: confidentiality, integrity, and availability. This piece aims to guide the formulation of security policy. Confidentiality prevents unauthorised access to sensitive information. Integrity ensures that data are accurate, complete, and not altered in an unauthorised manner. Availability ensures that data are readily available to the authorised users [70]. Also, the security protocols may achieve the following security features:
  • Mutual authentication—both parties to a communication, such as a client and a server, mutually confirm their identity to prevent fraud.
  • Message or data integrity—verifying that data or communications remain unaltered or untampered during transmission.
  • Anonymity—protecting the identities of communication participants so that their actions or data are not linked to their real identities.
  • Untraceability—makes it impossible to link actions or messages to a specific user, even after interception.
  • Authenticity—confirming that the sender of a message or data is authentic and comes from a trusted source.
  • Perfect forward secrecy—mechanism that ensures that even if a session key is compromised, previous sessions cannot be decrypted.
  • Session key establishment—the process of securely establishing a unique encryption key for each communication session between two parties.
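Several of the features listed above can be seen together in one small handshake. The following is an added example, not code from the authors or from any protocol reviewed here: a three-message challenge-response between a hypothetical device and gateway that share a pre-provisioned key, built on HMAC-SHA256 from Python's standard library. It shows mutual authentication, message integrity and session key establishment; it does not give perfect forward secrecy, because the session key is derived from the long-term key.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


class Device:
    """Hypothetical IoT node; `psk` is assumed to be provisioned out of band."""

    def __init__(self, name: bytes, psk: bytes):
        self.name, self.psk = name, psk
        self.nonce = None
        self.session_key = None

    def hello(self):
        """Message 1: identity plus a fresh random challenge for the gateway."""
        self.nonce = secrets.token_bytes(16)
        return self.name, self.nonce

    def finish(self, gw_name: bytes, gw_nonce: bytes, gw_tag: bytes) -> bytes:
        """Verify message 2 (gateway authenticity), then answer the gateway's challenge."""
        expected = mac(self.psk, b"gw-auth", gw_name, self.name, self.nonce, gw_nonce)
        if not hmac.compare_digest(expected, gw_tag):
            raise ValueError("gateway authentication failed")
        self.session_key = mac(self.psk, b"session", self.nonce, gw_nonce)
        return mac(self.psk, b"dev-auth", self.name, gw_name, gw_nonce, self.nonce)


class Gateway:
    def __init__(self, name: bytes, psk: bytes):
        self.name, self.psk = name, psk
        self.pending = None      # (device_name, device_nonce, gw_nonce) awaiting message 3
        self.session_key = None

    def respond(self, device_name: bytes, device_nonce: bytes):
        """Message 2: prove knowledge of the key over the device's nonce, add our own."""
        gw_nonce = secrets.token_bytes(16)
        self.pending = (device_name, device_nonce, gw_nonce)
        tag = mac(self.psk, b"gw-auth", self.name, device_name, device_nonce, gw_nonce)
        return self.name, gw_nonce, tag

    def confirm(self, device_tag: bytes) -> bool:
        """Check message 3; only a tag bound to the current gw_nonce is accepted."""
        if self.pending is None:
            return False
        device_name, device_nonce, gw_nonce = self.pending
        self.pending = None      # one attempt per challenge
        expected = mac(self.psk, b"dev-auth", device_name, self.name, gw_nonce, device_nonce)
        if not hmac.compare_digest(expected, device_tag):
            return False
        self.session_key = mac(self.psk, b"session", device_nonce, gw_nonce)
        return True


def demo():
    psk = secrets.token_bytes(32)
    dev, gw = Device(b"sensor-17", psk), Gateway(b"gw-1", psk)

    # Normal run: both sides authenticate and derive the same session key.
    m1 = dev.hello()
    m3 = dev.finish(*gw.respond(*m1))
    mutual = gw.confirm(m3) and hmac.compare_digest(dev.session_key, gw.session_key)

    # Recorded messages 1 and 3 resent later: the gateway issues a new nonce,
    # so the stale tag no longer verifies.
    gw.respond(*m1)
    replay_accepted = gw.confirm(m3)

    # A gateway without the shared key cannot produce a valid message 2.
    rogue = Gateway(b"gw-1", secrets.token_bytes(32))
    try:
        dev.finish(*rogue.respond(*dev.hello()))
        rogue_accepted = True
    except ValueError:
        rogue_accepted = False

    return {"mutual_auth": mutual, "replay_accepted": replay_accepted,
            "rogue_gateway_accepted": rogue_accepted}


if __name__ == "__main__":
    print(demo())
```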
There are various ways through which we can ensure that security protocols are effectively tested and are in line with the security goals that have been put forward for them by using both formal and informal methods and automated tools. For the formal method, we can employ the Random Oracle Model (ROM) [71], BAN (Burrows, Abadi, Needham) logic [72], or the Real-or-Random (ROR) model [73]. As for the automated tools, we can employ Scyther, AVISPA, or ProVerif tools [74].

3.2. Blockchain Technology

Another robust and secure technology is blockchain technology. This is a type of distributed ledger technology where data are shared in a network of computers. It assures the correctness of data using safe methods like hashing and digital signatures. A block contains a group of transactions, a timestamp, and a secure link to the last block in a tamper-proof blockchain. Thus, having a central authority in this arrangement is not essential. Because of this, the arrangement makes things clear and builds trust between the parties involved [75,76].
Some of the major characteristics of this technology are the following [77]:
  • Decentralisation entails the use of many inter-connected computers or nodes in a network instead of a centralised server or a single administration in the decision-making process and data storage.
  • Immutability of the data that are placed in the blockchain since it cannot be changed once added.
  • Transparency, where the transactions are visible to the blockchain participants in either a public or a private network, depending on the cryptographic process and the security type, where the data are secured with the help of public and private keys to ensure privacy, integrity, and authentication.
  • Consensus mechanisms enable the nodes to agree on the state of the blockchain.
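The block structure and the immutability property described above can be checked directly. The following is an added example, not code from the article or from any blockchain platform: a minimal hash-linked ledger of constructed meter readings, with a verifier that reports the first block that fails, and a majority comparison of head hashes as a simplified stand-in for a real consensus mechanism.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, timestamp, transactions, prev_hash):
    """SHA-256 over a canonical JSON encoding of everything the block commits to."""
    body = json.dumps(
        {"index": index, "timestamp": timestamp,
         "transactions": transactions, "prev_hash": prev_hash},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_block(chain, timestamp, transactions):
    """Append a block whose prev_hash links it to the current head."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "timestamp": timestamp,
             "transactions": transactions, "prev_hash": prev_hash}
    block["hash"] = block_hash(block["index"], timestamp, transactions, prev_hash)
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        recomputed = block_hash(b["index"], b["timestamp"], b["transactions"], b["prev_hash"])
        if b["index"] != i or b["prev_hash"] != prev or b["hash"] != recomputed:
            return i
        prev = b["hash"]
    return None


def head_accepted_by_peers(chain, peer_heads):
    """True if a strict majority of peers report the same head hash as this copy."""
    agree = sum(1 for h in peer_heads if h == chain[-1]["hash"])
    return agree * 2 > len(peer_heads)


def build_sample_chain():
    """Constructed sample data: three blocks of readings from a hypothetical meter."""
    chain = []
    append_block(chain, 1700000000, [{"device": "meter-3", "kwh": 1.2}])
    append_block(chain, 1700000060, [{"device": "meter-3", "kwh": 1.3}])
    append_block(chain, 1700000120, [{"device": "meter-3", "kwh": 1.1}])
    return chain


def demo():
    honest = build_sample_chain()
    peer_heads = [honest[-1]["hash"]] * 3   # three peers holding the honest copy

    # Case 1: a stored reading is edited in place; the block's hash no longer
    # matches its content.
    edited = copy.deepcopy(honest)
    edited[1]["transactions"][0]["kwh"] = 0.1
    case1 = first_invalid_block(edited)

    # Case 2: the edited block's own hash is recomputed; the next block's
    # prev_hash now points at a hash that no longer exists.
    b = edited[1]
    b["hash"] = block_hash(b["index"], b["timestamp"], b["transactions"], b["prev_hash"])
    case2 = first_invalid_block(edited)

    # Case 3: every later block is relinked and rehashed, so the local copy is
    # self-consistent, but its head differs from the copies held by the peers.
    for i in range(2, len(edited)):
        nxt = edited[i]
        nxt["prev_hash"] = edited[i - 1]["hash"]
        nxt["hash"] = block_hash(nxt["index"], nxt["timestamp"],
                                 nxt["transactions"], nxt["prev_hash"])
    case3 = first_invalid_block(edited)
    accepted = head_accepted_by_peers(edited, peer_heads)
    return case1, case2, case3, accepted


if __name__ == "__main__":
    print(demo())
```

A single copy can only show that its own links are consistent; it is the comparison with independently held copies that exposes a fully rewritten chain.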
Security technology also has many advantages. A blockchain provides data integrity, which manifests itself in the immutability of records and prevents unauthorised changes. The second advantage of the technology is decentralised security. In these solutions, the absence of a central server reduces vulnerability to attacks on a single point. We provide increased privacy thanks to cryptographic methods and access with permissions (in private blockchains). In turn, transparent and verifiable records allow for easy audits, and smart contracts allow for the automatic execution of contracts, reducing the risk of fraud. As a result, blockchain technology can be used to secure identity verification systems to prevent identity theft and secure supply chains because immutable ledgers ensure the authenticity and traceability of goods, protect data, prevent fraud, and secure voting systems [78,79].

3.3. Cyber-Attacks on IoT Environments

As mentioned, communication is a crucial element of IoT environments. It is exposed to various cyber-attacks during which data may be compromised, intercepted, or manipulated. We summarise typical cyber-attacks upon IoT environments in Table 3.

3.4. Malicious Software

A critical group of cyber threats consists of malicious software. Malware denotes software designed to harm or damage users, computer systems, or networks. Cybercriminals may use malware to steal data, hijack devices, eavesdrop on users, disrupt systems, and demand ransoms [92,93,94]. We can highlight the following malware types:
  • A virus is a computer program that replicates itself by infecting other computer programs or files. A virus typically gets triggered when a user executes an infected file.
  • A worm, which is similar to a virus but can propagate without any user intervention (typically across a network).
  • A trojan, which is malicious software that masquerades as a legitimate application or file to gain the user’s trust and then gain access to the system.
  • Ransomware, which is software that encrypts data on the victim’s device and demands a ransom to unlock it.
  • Spyware, which is a program that collects data about the user without their knowledge, such as login details, browsing history, or keystrokes.
  • Adware, which is software that displays unwanted advertisements, often in an aggressive and difficult-to-remove manner.
  • Rootkit, which is a tool that hides the presence of other malware or of an attacker, often allowing the attacker to gain administrator privileges.
  • Keylogger, which is a tool that registers all keystrokes, which allows the theft of passwords, credit card numbers, etc.
  • Botnets are networks of devices (so-called zombies) taken over by malware, used to carry out DoS attacks, send spam, or mine cryptocurrencies.
Malware gets onto devices via email attachments (for example, fake invoices, photos, documents), infected websites (drive-by downloads), software downloaded from unreliable sources, exploiting system or application security holes or fake software updates. Protection against such software involves eliminating known security holes, using antivirus programs, preventing unauthorised access to the network, avoiding suspicious sites, links, and attachments, and, above all, educating users, as awareness of threats and the ability to recognise fraud attempts may prove to be an essential security and defense mechanism [92,93,94].

3.5. Anomaly and Cyber-Attack Detection

Anomaly and cyber-attack detection identifies abnormal behaviour and computer system and network threats. It employs various methods for watching, assessing, and handling threats, and some of the most important tools include Intrusion Detection Systems and Intrusion Prevention Systems. For instance, in corporate networks and systems, IDSs and IPSs can oversee the internal and external traffic and thus prevent DDoS attacks, intrusions, and unauthorised access. In addition, IDSs and IPSs can identify threats relevant to Cyber-Physical Systems and crucial industrial processes in smart systems [95,96].
Anomaly detection aims to recognise activity that differs from regular behaviour and could indicate that an attack is in progress. Anomalies can be detected as variations from established standard practices, such as unusual user actions, attempts to gain access to restricted areas, or sharp increases in network traffic, using machine learning models. These models are usually trained on historical data to determine “normal” behaviour and detect deviations from that pattern. Anomaly detection uses the following typical artificial intelligence (AI) methods: Gradient Boosting (GB) [97], Decision Tree (DT) [98], Long Short-Term Memory (LSTM) [99], Convolutional Neural Networks (CNNs) [100], Random Forest (RF) [101], K Nearest Neighbour (KNN) [102], and Support Vector Machines (SVMs) [103].
IPSs are similar to IDSs but are an active solution that detects and prevents threats. IPS stands for Intrusion Prevention System, and it works by monitoring and analysing traffic and taking automatic actions in case of threat detection, for instance, blocking packets, resetting connections, or even isolating the user [23,104,105]. The main types of IDSs are the following:
  • Network-based IDS—observes network traffic to detect irregularities such as DDoS attacks, port scanning, intrusion attempts, etc. [106].
  • Host-based IDS—observes operating system-level activities, such as unauthorised changes to system files, illegal access to resources, and configuration manipulation [107].
IPSs work similarly to IDSs but are an active system that detects and prevents potential threats. An IPS monitors and analyses traffic and responds automatically to detected threats, for example, blocking packets, resetting connections, or isolating the user [23,108]. Key IPS features include the following:
  • Detection and blocking—IPS analyses data packets in real time and can immediately block traffic it identifies as malicious.
  • Responding to attacks on the fly—IPSs can modify or block suspicious traffic before it reaches potential targets.
There are differences in how IDSs and IPSs approach threat detection, for example, anomaly detection, where things that are out of the ordinary are identified and signature detection, where threats are matched against known attack patterns. It is also important to note that both systems now incorporate machine learning into their design to process large amounts of data and identify new threats. Identifying anomalies and cyber-attacks through IDSs and IPSs is crucial in protecting modern networks and systems. IDS/IPS, integrated with anomaly detection and machine learning, offer efficient cyber threat identification and prevention before they occur, effectively enhancing security [109].
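The two detection approaches and the IDS/IPS distinction discussed above can be put side by side. The following is an added example, not code from the article or from any IDS product: a baseline learned from constructed historical packet rates (median and median absolute deviation, with the commonly used modified z-score cut-off of 3.5), a constructed signature table, and a switch between alert-only (IDS) and blocking (IPS) behaviour. Device names, ports and the signature marker are all constructed.

```python
import statistics

# Constructed signature: (destination port, byte marker) standing in for a known pattern.
SIGNATURES = {"constructed-marker": (23, b"X-Constructed-Known-Bad")}

# Constructed history of packets per minute, used to learn "normal" per device.
HISTORY = {
    "thermostat-1": [12, 11, 13, 12, 14, 12, 11, 13],
    "camera-2": [400, 420, 390, 410, 405, 395, 415, 400],
}

# Constructed live events.
EVENTS = [
    {"device": "thermostat-1", "packets": 13, "dst_port": 8883, "payload": b"temp=21.5"},
    {"device": "thermostat-1", "packets": 900, "dst_port": 53, "payload": b""},
    {"device": "camera-2", "packets": 405, "dst_port": 23,
     "payload": b"...X-Constructed-Known-Bad..."},
    {"device": "camera-2", "packets": 410, "dst_port": 554, "payload": b"rtsp"},
]

THRESHOLD = 3.5  # modified z-score cut-off


def train_baseline(history):
    """Learn (median, MAD) of the packet rate for each device from historical data."""
    baseline = {}
    for device, rates in history.items():
        med = statistics.median(rates)
        mad = statistics.median([abs(r - med) for r in rates])
        baseline[device] = (med, mad)
    return baseline


def anomaly_score(baseline, device, packets):
    """Modified z-score of the observed rate; a device with no baseline scores infinity."""
    if device not in baseline:
        return float("inf")
    med, mad = baseline[device]
    # Floor the MAD at one packet so a perfectly flat history does not divide by zero.
    return 0.6745 * abs(packets - med) / max(mad, 1.0)


def inspect(event, baseline):
    """Return the list of reasons this event is suspicious (empty if none)."""
    reasons = []
    for name, (port, marker) in SIGNATURES.items():
        if event["dst_port"] == port and marker in event["payload"]:
            reasons.append("signature:" + name)
    if anomaly_score(baseline, event["device"], event["packets"]) > THRESHOLD:
        reasons.append("anomaly")
    return reasons


def process(events, baseline, mode):
    """mode='ids': alert and forward everything; mode='ips': alert and drop flagged events."""
    alerts, forwarded = [], []
    for i, event in enumerate(events):
        reasons = inspect(event, baseline)
        if reasons:
            alerts.append((i, reasons))
            if mode == "ips":
                continue  # blocked: never reaches its destination
        forwarded.append(i)
    return alerts, forwarded


if __name__ == "__main__":
    base = train_baseline(HISTORY)
    print(process(EVENTS, base, "ids"))
    print(process(EVENTS, base, "ips"))
```

Event 1 has no matching signature and is caught only by the baseline, while event 2 arrives at a normal rate and is caught only by the signature, which is why the two approaches are deployed together.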
This section presents the key theoretical concepts of cryptographic protocols that govern the security of communications between IoT environments. The topics discussed include symmetric-key encryption, asymmetric-key encryption, hashing functions, and digital signatures. These cryptographic techniques ensure the security of data integrity, confidentiality, and authenticity. Security protocols are also emphasised in pursuing the above goals, and the details of the secure data exchange between devices are given. The section further explores blockchain technology in terms of decentralised security and immutability, which makes it key in trust maintenance in IoT.
Furthermore, we listed typical phenomena that can threaten IoT environments, such as malware, DoS attacks, and data breach attacks. Finally, anomaly detection and IDSs/IPSs were introduced to monitor and prevent these threats. Combined with sophisticated advances in machine learning, these remedies will be implemented in IoT networks to withstand emerging security challenges. Cryptographic protocols, blockchain technology, and other advanced detection systems are the building blocks for a secure IoT architecture.

4. Security Mechanisms in IoT Environments

This section will overview the authentication and key agreement protocols suitable for IoT scenarios. In this paper, these protocols are classified into three categories. The first category of protocols performs the authentication procedures. The protocols in the second category perform both the authentication and key agreement procedures. The protocols in the third category only perform the key agreement procedures.

4.1. Authentication Protocols for IoT Environments

In [110], Tanveer et al. presented a mutual authentication protocol for crowdsourcing IoT [111] with session key establishment. Their work incorporated the use of chaotic maps and authenticated encryption in communications. They stated that the protocol is secure due to ROM validation and an informal security analysis. They also used the Scyther tool to ensure the security of the proposed protocol. The investigations above established that the proposed protocol offers security services such as information and message integrity, anonymity, and untraceability. Also, this protocol is secure against replay, man-in-the-middle (MITM), impersonation, and Temporary Parameter Leakage attacks.
In the work by Stodt et al. published in [112], the authors proposed a cross-domain authentication protocol for the interaction between the blockchain-based infrastructure and the industrial IoT centralised networks. They applied the blockchain method in the safe and reliable verification process. Additionally, to ensure the security and privacy of the communication channels, they used an end-to-end encrypted communication architecture with the TLS (Transport Layer Security) protocol [113]. This approach ensures that the data exchange between the authenticated nodes is not interfered with or altered in transit. The authors have demonstrated the application of the suggested protocol in the factory IoT environment and increased security while maintaining efficiency.
Ehuil et al. in [114] focussed on solutions based on the IoT cloud. They proposed a secure mutual authentication mechanism based on visual cryptography for encrypting and decrypting sensitive images. This type of authentication involves two secure photos and tickets. The user requires a ticket from the authentication server to gain permission to use the cloud services. Three shared secret keys are used in the authentication process to encrypt and decrypt the authentication information. The system was also analysed through BAN logic, and the authors established that the system was secure with data integrity, secrecy, and authenticity properties.
In the paper by Li et al. published in [115], the authors proposed a PUF-based end-to-end anonymous authentication protocol. This protocol provides strong anonymity and the ability for the two parties to authenticate each other directly and simultaneously with the help of a third party. The authors proved their solution using the random oracle model and informal analysis. They checked its features and proved that the proposed protocol provides perfect forward secrecy and is invulnerable to physical and modelling attacks [116].
Ali et al. in [117] proposed an enhanced three-factor remote user authentication protocol. They applied passwords, smart cards, and biometrics to authenticate the users. The authors of this protocol evaluated it using BAN logic and the AVISPA tool. The research demonstrates that the presented protocol is immune to password-guessing attacks, identity-guessing attacks, user impersonation attacks, gateway node impersonation attacks, sensor node impersonation attacks, smart card stolen attacks, replay attacks, insider attacks, user untraceability attacks, sensor node capture attacks, and session key temporary information attacks. Also, it satisfies the mutual authentication property, the proper session key establishment, and the correct password change phase.
In the study by Fatima et al. published in [118], the authors suggested the blockchain and PUFs to implement an authentication protocol as an extension of Wang’s protocol [119]. The research was focused on medical IoT and aimed at providing a secure and efficient authentication mechanism for these devices. This protocol incorporates distributed and immutable ledgers, PUFs for device authentication, anomaly detection with AI, and data transmission through the IoT. The authors verified this protocol using the AVISPA tool and Random Oracle Model. The research confirmed that this protocol provides user anonymity, protection against password-guessing attacks, and resistance to impersonation of essential entities.
An authentication protocol is proposed by Li et al. in [120] for secure authentication in industrial IoT. The protocol affords mutual authentication of application servers with users while keeping the users anonymous using asymmetric and symmetric encryption. The authors also used BAN logic and the Scyther tool to provide protocol security proofs. Furthermore, they conducted simulations showing that the protocol surpassed existing alternatives regarding computational costs, communication costs, and total authentication costs.

4.2. Authentication and Key Agreement Protocols for IoT Environments

Rao et al. in [121] provided a deep learning-powered authentication and key agreement protocol dedicated to IoT and LTE systems. This protocol employs a Deep Residual Network-based dynamic shared secret key creation method. The authors confirmed that the proposed protocol ensures privacy protection, avoids signalling congestion issues, and protects from redirection, MITM, replay, and DoS attacks. Using deep learning techniques may improve the detection rates of attacks and decrease the time it takes to respond to them. Nevertheless, satellite-based systems may encounter scalability and resource availability limitations, which could result in substantial additional costs.
Zhao et al. proposed in [15] a protocol for user authentication and key agreement in multi-gateway environments. This protocol relied on fuzzy extraction technology for biometric verification. Through formal and informal analysis, the authors showed that their protocol is secure against smart card theft, internal impersonation, sensor capture, MITM, and temporary secret leakage attacks.
In the study by Ali et al. [122], the authors proposed an anonymous authentication and key agreement mechanism to minimise the delay in sending IoT data. The proposed scheme involved the use of hash functions and bitwise XOR operations. The protocol ensures that there is always strong mutual authentication between the IoT devices and the fog servers without needing a registration authority. It also establishes secure session keys created from unique random numbers without the involvement of the registration authority. The authors validated their solution and affirmed its resilience against MITM, replay, key exposure, known session key, IoT device impersonation, fog server impersonation, IoT device physical capture, fog server physical capture, IoT device traceability, unknown key-share, and privileged insider attacks.
Raza et al. [123] proposed a new authentication and key agreement protocol for smart home applications in the context of software-defined IoT. The protocol has registration, authentication, and key selection phases. The authors used a Software-Defined Network controller to encrypt low-power IoT devices. The security of the proposed protocol was validated with the AVISPA tool. Their system withstands replay, impersonation, modification, man-in-the-middle, and traceability attacks. Furthermore, it guarantees non-traceability, user anonymity, clock synchronisation, and absolute secrecy. Additionally, they simulated the protocol’s operations to evaluate running time, computational complexity, and energy consumption compared to alternative methods.
In [124] by Tomar et al., the focus was placed on the security of IoT devices in smart hospitals, digital health, and automated pathology laboratories. They proposed a mutual authentication and key agreement protocol to establish a shared and secured channel for authenticated devices, thus ensuring that only the authorised devices can access the channel. The suggested architecture includes the Hyperledger Fabric blockchain and fog servers as blockchain peers. This protocol comprises four phases: Initial System Setup, Blockchain Initialization, Device Registration, and Mutual Authentication and Key Exchange. The authors proved the effectiveness of their protocol with the help of formal and informal security and performance analyses, which were conducted on Hyperledger Fabric and with the usage of cryptographic libraries. Their confirmation affirmed the protocol’s ability to counter impersonation, man-in-the-middle, replay, and device capture threats. Also, they ensured that the proposed protocol meets the following security requirements: anonymity, untraceability, and session key agreement.
Wu et al. indicated in their article [125] that an enhanced authentication and key agreement mechanism has been devised for healthcare applications. Their protocol addressed the primary deficiencies in this category of communication systems while also fulfilling the criteria for secure dissemination of medical information and user confidentiality. The authors validate the security of this protocol via the ROR model, informal security analysis, and the AVISPA tool. The outcome indicates that the proposed protocol is among the established protocols suitable for healthcare IoT contexts, ensuring adequate security.
Abdussami et al. in [126] observed that the proliferation of wireless communication in IoT devices demands safe and efficient communication protocols, particularly in situations susceptible to cyber-attacks. Because current protocols offer inadequate security, and strong authentication and key exchange mechanisms must withstand attacks while keeping computational overhead minimal, they proposed a fog-enabled network architecture incorporating IoT devices and developed the DEAC-IoT protocol. This protocol employs ECC for secure authentication and key exchange. The protocol safeguards device-to-device communication against security risks in resource-limited IoT contexts. The authors stated that their protocol accommodates both the static and dynamic behaviours of IoT devices and fog nodes. To ensure the protocol is secure, the authors used the Scyther tool and verified it with the ROR model. The protocol has been shown to resist most traditional cyber threats in the IoT environment.
In the study by Rani et al. published in [61], the authors proposed a blockchain-enabled solution for authentication and key establishment to enable the sharing of health information among the hospitals that are part of a network. This protocol employs an ECC-based authentication mechanism, storing all data on the blockchain and generating a secret key for safe communication among patients, hospital servers, and IoT devices. The authors employed a Hyperledger Fabric platform [127] for the installation of blockchain technology to guarantee security and transparency. They emphasised the efficiency of data transport by removing superfluous computations in the registration and authentication processes. The authors conducted formal and informal analyses of the proposed protocol utilising the ROR model and the Scyther tool.
Kumari et al. in [128] presented a protocol for authentication and key agreement that enables smart meters and neighbourhood gateways to authenticate one another and generate a shared session key. The proposed approach uses ECC, a lightweight cryptographic hash function, and the Schnorr signature mechanism. The Schnorr signature protocol ensures that privacy, untraceability, and user anonymity are well maintained. The proposed protocol has been tested using the ROM model and the AVISPA tool against adversary models such as Dolev–Yao [129] and Canetti–Krawczyk [130]. The authors used performance analysis to validate the protocol’s communication, computing, and storage cost efficiency.
Modarres et al. in [131] introduced a novel lightweight protocol utilising PUF for mutual robust authentication and key agreement across entities in medical IoT networks. It uses the XOR technique, a one-way hash function, and a Physical Unclonable Function (PUF). The proposed protocol is secure against physical attacks like impersonation, man-in-the-middle, insider, Known Session Key, and Known Session-Specific Temporary Information attacks as described in [132]. Also, it outperforms other existing systems in terms of security and efficiency. The authors have also established that the proposed protocol is computationally efficient and has used only essential cryptographic functions.

4.3. Key Agreement Protocols for IoT Environments

Ghani et al. in [133] introduced a key agreement protocol to enhance communication security in Decentralized Edge Computing Networks. This protocol relies on the Computational Diffie–Hellman problem. The authors used the ROM model and ProVerif tool to analyse this protocol’s security. The protocol resists stolen verifier, impersonation, replay, DoS and eavesdropping attacks. They determined that their solution suits low-power and resource-constrained IoT environments.
Bahache et al. in [134] presented a novel cloud-based quantum secure framework with a key agreement protocol. This solution was dedicated to medical IoT environments. The authors built their framework on the Kyber post-quantum cryptosystem [135,136]. The authors verified their protocol using the AVISPA tool and informal analysis. These analyses confirmed that this protocol resists MITM, replay, impersonation, and node capture attacks. Also, it meets the following security features: anonymity, untraceability, data confidentiality, authentication, and session key agreement.
Goswami et al. in [137] proposed a key agreement protocol for IoT environments based on Hyper Elliptic Curve Cryptography [138,139] and the Chinese Remainder Theorem [140] built on four co-prime integers. This protocol allows multiple shared keys between devices, facilitating a subset construction with greater device support and full connectivity up to depth four. The authentication mechanism treats device identities as secret information during the exchange, eliminating the selective device attack. The proposed solution is secure against various attacks, mainly replay and impersonation attacks, and provides user anonymity and non-repudiation. The authors verified these features using the ROR model and informal analysis.

5. Defense Mechanisms in IoT Environments

This section will overview existing defense mechanisms dedicated to IoT environments. We divided these mechanisms into three groups. In the first group, we included the proposed IDSs. In the second group, we collected anomaly and cyber-attack detection systems. In the last group, we included malware detection systems.

5.1. Intrusion Detection Systems

Douibae et al. in [141] developed an IDS using machine learning and deep learning algorithms. They proposed using gradient boosting and a decision tree to develop an optimised intrusion detection approach for IoT security that was evaluated on enhanced datasets using a GPU. The proposed approach was found to achieve accuracy, recall, precision, and F1-score of more than 99.9%, an improvement over existing IDSs.
Aldhyani et al. in [142] concentrated on detecting Distributed Denial of Service attacks. The authors constructed network intrusion detection systems that used long short-term memory and convolutional neural networks. They implemented and tested their DDoS attack detection proposal on the CIC-DDoS2019 dataset, reporting a precision of 100%.
Altulaihan et al. in [143] pointed out that cyber-attacks rise in IoT settings, mainly because of the nature of IoT devices that can auto-calibrate and are therefore vulnerable to internal and external threats. Thus, the authors proposed an IDS defense mechanism using anomaly detection and machine learning techniques to improve the security of an IoT network. The solution employs four supervised classifier algorithms: DT, RF, KNN, and SVM. The authors used the IoTID20 dataset to train the model. The authors obtained the best results with DT and RF classifiers when trained with GA-selected features.

5.2. Anomaly and Cyber-Attack Detection Systems

Xie et al. in [144] introduced an anomaly detection model to tackle the difficulties of identifying anomalies in multivariate time series data inside an IoT context. The proposed model utilises multi-scale discrete wavelet decomposition and a dual graph attention network to extract feature correlations and temporal dependencies. The authors integrated a gated recurrent unit with a multi-head self-attention network to produce prediction and reconstruction outcomes. This solution diminishes the parameter count and enhances the accuracy of anomaly detection.
Bhatia et al. in [145] proposed a methodology for anomaly detection to categorise normal and abnormal usage patterns in an Intrusion Detection System for an Internet of Things environment. The proposed research strategy for the study entails using a hybrid feature selection where a combination of filter-based methods and a wrapper approach is used, coupled with bagging as the final classification technique. The solution received 99.8% accuracy during the testing.
Alangari et al. in [146] presented an Advanced Hybridized Optimization Technique to deal with cyber-attacks. This method incorporated unsupervised machine learning in the MANET-IoT sensor system. The suggested model incorporates the Genetic Algorithm and Firefly Algorithm to choose secure and best paths for routing while detecting black hole attacks through routing responses. The proposed approach attained 98% accuracy during the evaluations.
Le et al. in [147] suggested a Variance Profile Exploitation method for anomaly detection. This approach employed discrete wavelet transform and k-means clustering. It is initiated with an expedited training phase and perpetually refined by incorporating new data segments. The overlapping data collection during the detection phase reveals correlations between successive data segments, enhancing detection accuracy. The authors utilised the Intel Berkeley Research Lab dataset, which had artificially introduced anomalies, for numerical experimentation. They attained 97% accuracy in the assessments. The authors also state that because the proposed approach has low computing complexity and can detect anomalies in real time with the help of the developed technique, it is suitable for real-time systems that work with big data.
Alsalman et al. in [148] bring together different machine learning models such as Random Forest, K-Nearest Neighbors, Support Vector Machine, and Multi-Layer Perceptron to enhance anomaly detection performance. The results indicate that the proposed method outperforms the conventional machine learning models, including SVM, KNN, and RF, in terms of accuracy, precision, recall, and F1-score for both datasets. The authors also stated that their approach can be helpful in security, health, and other areas that require anomaly detection.
Munoz et al. in [149] suggested a machine learning approach for anomaly detection in IoT scenarios. The model is designed to provide general detection capabilities where wrong packets are filtered out from inspected data in the ingestion order pipeline to identify abnormalities. The packets suggested in the model also allow for the identification of possible failures of the infrastructure as well as some irregularities in the sensors. Also, the authors noted some issues with the proposed solution, including the fact that it requires a lot of data, and the algorithm has to be trained again for every new configuration.
Souri et al. in [150] proposed a cloud-based architecture for cyber-attack detection using the Ensemble Bagged Trees Detection method. This technology identifies the dangerous behaviours and cyber-attack categories for the hyper-automation processes in the IoT environment. The architecture uses a priority-based feature selection and extraction approach to identify the best features derived from network traffic, computation time, malicious activities, and attack types. The experimental results show that the suggested architecture is superior to similar solutions and predictive models and, thus, can be effectively applied to complex cyber-attack detection systems for the critical hyper-automation processes in IoT environments.
Ehmer et al. in [151] designed a shallow neural network with only 110 artificial neurons with the ReLU activation function to identify the most representative attacks on a communication network. They also developed an enhanced attack-sharing loss function to deal with the data imbalance problem. The proposed method could identify the network attacks with the F1 score of 99% or more for different attacks available in the modern intrusion detection system datasets, mainly focusing on IoT device connectivity. The proposed particular loss function can decrease the false negative detection and thus increase the overall detection rate.

5.3. Malware Detection Systems

Yang et al. in [152] focused on how IoT malware data and detection mechanisms enhance the security posture of devices. The researchers proposed a Term Frequency–Inverse Document Frequency (TF-IDF) methodology to translate categorical properties into a numeric classification, thereby avoiding data reduction and minimising information storage space. The authors concluded that their method performs far better than direct encoding or the commonly used one-hot encoding: it reduces the danger of information loss because no features are discarded, while still limiting the data dimensions to an acceptable range. Also, they suggested that this method can be used with N-grams [153] to produce more valuable patterns. The method achieved accuracy rates of 95.22%, 96.23%, 98.77%, and 99.56% on various datasets.
Liu et al. in [154] presented a method for identifying Android malware based on sensitive function call graphs (FCGs) and Graph Neural Networks (GNNs) [155]. They constructed sensitive FCGs, retrieved semantic properties for functional nodes, and subsequently embedded them into feature vectors via a GNN. A graph pruning technique safeguards sensitive API calls and diminishes the number of nodes in extensive FCGs. Additionally, they developed two models utilising the word2vec methodology [156], enhanced by API2vec [157] and opcode2vec [158] techniques to preserve graph semantics and facilitate expedited model convergence. A subsequent chapter introduces the FCG-based paradigm, highlighting the need to represent various nodes and demonstrating that specific APIs can be recognised as high-impact nodes. The proposed method achieved a 98% F1-score for malware binary classification and a 96% F1-score for malware family classification.
In their research [159], Thakur et al. suggested a hybrid method that utilises CNNs, LSTM, and Principal Component Analysis (PCA) for malware detection. CNNs are used to capture the structure of the malware data, LSTM is used to model the time-dependent and sequential patterns, and PCA is employed to project the data onto a reduced number of subspaces. The proposed hybrid approach achieved high model performance measures on a public malware dataset. Finally, the authors further state that it substantially decreases the time and resources needed for manual analysis and enhances such systems’ security.
Sun et al. in [160] introduced the concept of Temporal–Incremental Malware Learning (TIML), a new approach for dealing with the evolving nature of malware distributions and detecting new threats promptly with low overhead. The authors developed a large-scale Android malware dataset for the TIML framework that will benefit future research. They applied four CIL algorithms to the TIML problem and found that all the approaches can classify malware families efficiently with restricted resources. Also, they suggested a new multimodal TIML approach that enhances classification performance by incorporating different types of malware data. The dataset and source code were deposited in an open repository to make them available to academics for further research and to promote development in this field.

5.4. Summary

Considering the techniques and methods used for security mechanisms in IoT environments, we can indicate the following advantages and disadvantages.
  • Advantages:
    High protection effectiveness thanks to encryption (e.g., ECC, TLS) and multi-factor authentication.
    The use of blockchain technology ensures non-repudiation and data transparency.
    Lightweight protocols are optimised for devices with limited resources.
  • Disadvantages:
    High computational complexity for some protocols (for example, blockchain in low-power IoT systems).
    Lack of scalability in some protocols, especially in environments with many devices.
    Dependence on specific formal analysis tools, such as AVISPA or Scyther, limits solutions’ universality.
A similar list can be drawn in the context of defense mechanisms dedicated to IoT solutions:
  • Advantages:
    IDS and AI-based anomaly detection systems achieve high precision in detecting threats.
    System optimisations, such as feature selection and hybrid learning, improve detection efficiency.
    Machine learning-based protection mechanisms are flexible to new types of attacks.
  • Disadvantages:
    High demand for data for training AI models can be problematic in real time.
    Many false alarms in IDS can reduce the system’s operational efficiency.
    Hybrid mechanisms (e.g., TIML) can be challenging to implement in resource-constrained environments.

6. Discussion

This manuscript focuses on two security aspects of IoT environments: security protocols and anomaly and cyber-attack detection tools. Regarding security protocols, we concentrated on realising authentication and key agreement goals. The protocols may aim to achieve one or both goals throughout their functioning. The reviewed protocols use cryptographic algorithms to accomplish their objectives and communicate securely. The susceptibility of these protocols to attacks and the provision of crucial security features have been confirmed using a variety of instruments and techniques.
We provide a summary of the updated protocols’ goals in Table 4. According to the analyses performed, we have identified three categories of protocols. This illustrates the necessity of developing protocols primarily for user authentication. Since the reconciliation and agreement of session keys are crucial components of communication, creating and implementing this protocol is likewise crucial to communication security.
Table 5 summarises the protocols discussed regarding their uses and interoperability. We highlighted IoT solutions such as medicine and healthcare, edge or cloud computing, crowdsourcing, and smart homes. We classified the other protocols as cross-domain because they may be used in different solutions.
In Table 6, we indicate what attacks the discussed security protocols are resistant to. The authors of the indicated papers provided formal and informal security proofs and highlighted the attacks to which their protocol is resistant. The indication + signifies that the authors have demonstrated the resilience of their proposed protocol against the given attack. The indication - means that the protocol has not been verified against the given attack. We highlighted the fourteen most common attacks; the less common attacks are included in the Others column. SKTI denotes a Session Key Temporary Information attack, and KSK denotes a Known Session Key attack.
We observed that replay, MITM, and impersonation attacks are IoT environments’ most frequently verified threats. They were tested in almost all papers. In IoT environments, the effects of these three attacks can be hazardous because IoT devices often control critical systems and have fewer security resources. These attacks can lead to physical failures, endangering user safety, data theft, and compromising entire IoT systems, seriously affecting critical applications (for example, healthcare and industry).
Replay attacks can lead to repeating old, already executed commands (for example, commands to open doors, turn on/off a device, change temperature), which can cause undesirable and dangerous actions. In monitoring systems, the attacker can send old sensor data, misleading operators or decision algorithms. In the case of MITM attacks, confidential information sent between IoT devices, such as health monitoring data (for example, from medical devices), vehicle location data, or data from monitoring cameras, can be intercepted. The attacker can also modify data sent to a device, for example, controlling critical operations (such as door locks, alarm systems, and water pumps), leading to dangerous failures. In addition, the attacker can manipulate data, gaining administrative access to IoT devices, which allows for controlling the operation of the devices. In impersonation attacks, the attacker can seize control of the system. By impersonating a trusted device or user, the attacker can penetrate the entire IoT network and subsequently gain control of systems such as heating, building automation, or smart locks. The attacker can also introduce their device into the IoT network, impersonating a legitimate one to track network traffic or send false data.
Table 7 gives a rundown of the security features in the protocols we looked at. We have compiled a list of features and marked whether each protocol has that feature (shown as +). The - sign means the authors did not submit any information about that feature. The analysis showed that anonymity and secrecy are the most desirable security properties for security protocols in IoT environments.
Both features in the IoT context are crucial in protecting privacy, data security, and user trust. Anonymity protects personal data and prevents the tracking of a user’s identity. This is especially important for devices monitoring users’ daily activities (for example, smartwatches and smart speakers). This helps maintain user anonymity and complicates the efforts of companies and third parties to build detailed behavioural profiles based on data collected from IoT devices. Furthermore, anonymity makes it more difficult for cybercriminals to target specific individuals, as linking device activity to a particular user becomes challenging. Confidentiality ensures that the data collected by IoT devices is safeguarded against unauthorised access, thereby minimising the risk of leaking sensitive information. Additionally, data transmission between IoT devices is secured against interception, which lowers the chances of MITM attacks. Moreover, ensuring data confidentiality increases users’ trust in IoT devices and service providers, which is crucial for adopting the technology and increasing its popularity.
All authors of the examined studies conducted performance evaluations of their schemes. They compared their proposals with similar solutions in terms of communication, processing, and energy consumption. According to their findings, the suggested techniques outperform similar solutions in every study.
The authentication process is a vital part of communication in IoT environments. It involves verifying the identities of the parties engaged in the communication. During this process, we can use one or more factors; the more factors we incorporate, the more secure the authentication becomes. Relying solely on passwords can be a weak and vulnerable security measure, as attackers can intercept, guess, or crack them. This is why biometrics is often considered a better option, as it helps prevent spoofing or impersonation attacks.
Session keys are essential for securing communication in IoT. Messages that are timestamped and protected with one-time session keys guard against replay and man-in-the-middle attacks. This strategy enables the system to determine whether a legitimate network node produced the processed message and to assess whether an attacker has intercepted and resent it. This mechanism also highlights the complexity of maintaining secure communications. Although the technical aspects may seem daunting, grasping these concepts is necessary for effective security measures in the IoT landscape.
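The receiver-side check described above, as an added example (not code from the reviewed protocols or from this article's experiments): each message carries a timestamp and sequence number under a MAC keyed with a one-time session key, and the receiver rejects anything stale, repeated, modified, or sealed under another session's key. The message layout, the 5-second window, the simplified key derivation and all names are assumptions; the example covers origin and freshness only, not encryption.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                      # HMAC-SHA256 tag size in bytes
MAX_AGE_S = 5                     # assumed freshness window (seconds)
HEADER = struct.Struct(">8sIQ")   # assumed layout: 8-byte sender id, sequence number, Unix time


def derive_session_key(long_term_key: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    """One-time key bound to both parties' fresh nonces (simplified KDF, for illustration)."""
    label = b"session-key|" + nonce_a + b"|" + nonce_b
    return hmac.new(long_term_key, label, hashlib.sha256).digest()


def seal(session_key: bytes, sender: bytes, seq: int, timestamp: int, payload: bytes) -> bytes:
    """Sender side: the MAC covers sender id, sequence number, timestamp and payload."""
    body = HEADER.pack(sender, seq, timestamp) + payload
    return body + hmac.new(session_key, body, hashlib.sha256).digest()


class Receiver:
    """Holds the state for one session; a new session means a new key and a new Receiver."""

    def __init__(self, session_key: bytes, peer: bytes, max_age_s: int = MAX_AGE_S):
        self.key = session_key
        self.peer = peer              # expected sender id, exactly 8 bytes
        self.max_age_s = max_age_s
        self.last_seq = -1            # highest sequence number accepted so far

    def accept(self, message: bytes, now: int):
        """Return ("ok", payload) or (reason, None). The MAC is checked before any field is trusted."""
        if len(message) < HEADER.size + TAG_LEN:
            return ("malformed", None)
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # constant-time comparison
            return ("bad-mac", None)
        sender, seq, timestamp = HEADER.unpack(body[:HEADER.size])
        if sender != self.peer:
            return ("wrong-sender", None)
        if abs(now - timestamp) > self.max_age_s:       # too old, or clock far ahead
            return ("stale", None)
        if seq <= self.last_seq:                        # resent inside the window
            return ("replayed", None)
        self.last_seq = seq
        return ("ok", body[HEADER.size:])


def run_demo() -> dict:
    """Constructed scenario: one door command, then the ways a captured copy is rejected."""
    long_term_key = bytes(range(32))                    # constructed key material
    key_1 = derive_session_key(long_term_key, b"A-nonce-1", b"B-nonce-1")
    key_2 = derive_session_key(long_term_key, b"A-nonce-2", b"B-nonce-2")
    t0 = 1_700_000_000
    command = seal(key_1, b"panel-01", 0, t0, b"OPEN_DOOR")
    follow_up = seal(key_1, b"panel-01", 1, t0 + 3, b"LOCK_DOOR")
    tag = command[-TAG_LEN:]

    rx = Receiver(key_1, b"panel-01")
    results = {}
    results["first delivery"] = rx.accept(command, now=t0 + 1)[0]
    results["resent inside window"] = rx.accept(command, now=t0 + 2)[0]
    results["next legitimate message"] = rx.accept(follow_up, now=t0 + 3)[0]
    results["resent after window"] = rx.accept(command, now=t0 + 60)[0]
    # Header rewritten to look fresh, old tag kept: the MAC no longer matches.
    refreshed = HEADER.pack(b"panel-01", 2, t0 + 60) + b"OPEN_DOOR" + tag
    results["timestamp rewritten"] = rx.accept(refreshed, now=t0 + 60)[0]
    # Payload changed in transit, old tag kept.
    modified = command[:HEADER.size] + b"OPEN_SAFE" + tag
    results["payload modified"] = rx.accept(modified, now=t0 + 1)[0]
    # Captured message presented in a later session that uses a different one-time key.
    results["resent in next session"] = Receiver(key_2, b"panel-01").accept(command, now=t0 + 1)[0]
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:26s} -> {outcome}")
```

The timestamp bounds how long a captured message stays usable, the sequence number closes the remaining window, and the one-time key makes traffic from an earlier session fail verification outright.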
Besides security considerations, the scalability of IoT protocols is a crucial factor. IoT devices have limited processing power. Therefore, a device's energy must not be depleted by the protocol's computations while it is operating. To ensure this, lightweight cryptographic algorithms are highly recommended for building authentication or key agreement protocols. These algorithms provide a suitable level of data security without straining system resources, which supports these protocols’ efficiency and resource management.
The future challenges of the security mechanisms dedicated to the IoT environments include enhancing scalability and optimising energy consumption, privacy enhancements, resilience against various attacks, and validation (via formal and informal methods). Scalability depends on the cryptographic techniques and hardware parameters used. So, future research should focus on cloud environments, their optimisation, and methods for lightweight data processing in such infrastructures, including blockchain consensus algorithms. Low-power communication protocols (supported by low-computational-overhead encryption techniques) can enhance the energy efficiency of communication in IoT environments. Consequently, sophisticated cryptographic techniques can improve privacy. The examined defense mechanisms guarantee robustness against diverse attackers.
Considering the need for experimental verification of the analysed protocols, we conducted security and simulation performance tests of these protocols. We used the ProVerif tool for security tests, which did not find any attack on the discussed protocols. In the case of performance tests, we simulated the execution of the entire protocol. Each proposed protocol has been designed distinctively, featuring varying phases and stages, diverse cryptographic algorithms, and different sent objects. We simulated these protocols using a methodology that incorporates the capability of calculating execution times for alternative cryptographic techniques, including elliptic curve cryptography and blockchain technology. We considered the simulation environment with the following technical parameters of IoT devices: RAM: 16 GB, CPU Cores: 8. Figure 2 presents the obtained performance results. Protocols such as [61,121] with short execution times are optimal for applications requiring low latency, such as real-time IoT. Solutions with longer execution times, such as [131,137], may be better suited for environments where higher security is a priority at the expense of performance.
In the case of the reviewed anomaly and cyber-attack detection tools, we prepared a summary in Table 8 that contains the realised defense method, the AI techniques used, the dedicated environments, the datasets used, and key results or findings. These considerations allow us to emphasise the use of various AI methods for anomaly and cyber-attack detection. IDSs and IPSs play complementary roles in security systems. IDSs focus on monitoring network traffic and identifying suspicious events or anomalies, which allows analysts to respond quickly. On the other hand, IPSs actively block potential threats to minimise the risk of attacks in real time. It is worth emphasising that these systems should work together to provide comprehensive protection. IDSs and IPSs increasingly use advanced anomaly detection techniques like machine learning and behavioural analysis. Although these approaches increase the effectiveness of detecting new or unknown threats, they can generate false alarms, one of the main challenges in their practical implementation. IDSs offer a more reactive approach, enabling analysis and incident response after detection. IPSs, on the other hand, introduce an element of proactive protection, but their operation may introduce an additional risk of blocking legitimate traffic (so-called false positives).
Also, in Figure 3, we summarise the accuracy and precision of the proposed defense methods as confirmed by their authors. Here, we included only solutions for which such values are indicated. The authors of the other papers did not report the accuracy achieved. It is worth mentioning that the proposed methods achieve high accuracy in anomaly and cyber-attack detection.
Due to the limited amount of information available regarding the effectiveness (accuracy) of the methods considered for detecting attacks and anomalies in IoT environments, we decided to conduct experimental studies. These studies aimed to verify the effectiveness of selected defense mechanisms based on various datasets commonly used in the literature, such as CIC-DDoS2019 or IoTID20. The experiments focused on methods based on algorithms widely used in attack detection in IoT environments. The choice of algorithms such as Random Forest (RF), Long Short-Term Memory (LSTM), Support Vector Machines (SVMs), or Graph Neural Networks (GNNs) was derived from how frequently they appear in the scientific literature, the effectiveness reported in existing studies, and the potential for their application in various IoT contexts.
In particular, RF and LSTM were included based on their ability to work with big datasets and efficiently perform classification tasks. GNNs have been selected because they can work on graph-structured data and are promising in detecting more complex attack patterns. As a classical model, SVM is a reference point and allows for comparing results with more modern approaches. It is key for assessing essential parameters such as precision, sensitivity, F1-score, and false alarm rate for their use in large-scale analysis.
The findings from the conducted studies are shown in Table 9, which contrasts the obtained results with those reported in the reviewed literature. The analysis of these results indicates that the selected methods, such as using Random Forest and LSTM algorithms in IDSs, show higher effectiveness than classical methods, such as SVM. For example, RF-based models obtained the highest F1-score value on the IoTID20 set, which indicates their high ability to balance precision and sensitivity. In turn, the methods using GNN algorithms achieved lower values for some metrics, which suggests the need for further optimisation in the context of IoT. These studies emphasise that selecting the appropriate model should depend on the data’s specificity and the system’s requirements, which creates room for further experiments and improvements.
Furthermore, detecting anomalies in large systems, such as IoT, requires scalable algorithms to process enormous volumes of real-time data. As the number of devices and the volume of data increase, systems must maintain high performance and low latency. Cybercriminals are constantly developing new attack techniques, leading to new patterns and types of anomalies. Detection algorithms must be flexible enough to recognise new attacks (zero-day) and adapt to changing threats. The main challenge is to find a balance between minimising the number of false alarms and maintaining a high threat-detection rate. False positives may result in reduced operational efficiency and increased incident management costs. Such systems also have to deal with the issue of available resources. Resource-constrained systems, like IoT devices, often have limited computing capabilities. Therefore, detection methods must rely on energy-efficient, lightweight, and resource-optimised models. Internal attacks also hold significant importance. Typically, traditional IDSs and IPSs concentrate on detecting external attacks. Detecting anomalies related to internal threats (for example, employee actions) is problematic because this activity can resemble typical behaviour. IoT networks and distributed systems experience various anomalies, from attacks to unexpected system failures. Detecting all anomalies with a single technique is challenging because each type requires specific characteristics and data processing techniques.
In summary, detecting anomalies in large systems like IoT requires scalable algorithms that handle real-time data. As devices and data grow, systems must maintain high performance and low latency. Detection algorithms must be flexible enough to recognise new attacks and adapt to changing threats. Balancing false alarms against a high threat-detection rate is crucial, as false positives can reduce operational efficiency and increase incident management costs. Detecting internal threats is also challenging, and each type of anomaly requires its own characteristics and data processing techniques.
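The balance between false alarms and detection rate discussed above, as an added example (not code from the reviewed papers or from the experiments reported in this article): it sweeps the alert threshold of a hypothetical anomaly detector over constructed scores, computes precision, sensitivity, F1-score and false alarm rate at each setting, and picks the most sensitive threshold that stays within a false-alarm budget. The scores, the budget values and all names are assumptions.

```python
from dataclasses import dataclass

# Constructed anomaly scores from a hypothetical detector (higher = more suspicious).
BENIGN = [0.05, 0.05, 0.10, 0.10, 0.12, 0.15, 0.18, 0.20, 0.20, 0.22,
          0.25, 0.28, 0.30, 0.33, 0.35, 0.40, 0.45, 0.55, 0.60, 0.70]
ATTACK = [0.35, 0.50, 0.65, 0.80, 0.90]


@dataclass(frozen=True)
class Metrics:
    threshold: float
    tp: int   # attacks that raised an alert
    fp: int   # benign flows that raised an alert (false alarms)
    tn: int   # benign flows that stayed quiet
    fn: int   # attacks that were missed

    @property
    def precision(self) -> float:
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

    @property
    def sensitivity(self) -> float:
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0

    @property
    def false_alarm_rate(self) -> float:
        return self.fp / (self.fp + self.tn) if self.fp + self.tn else 0.0

    @property
    def f1(self) -> float:
        denom = 2 * self.tp + self.fp + self.fn
        return 2 * self.tp / denom if denom else 0.0

    @property
    def accuracy(self) -> float:
        return (self.tp + self.tn) / (self.tp + self.fp + self.tn + self.fn)


def evaluate(benign, attack, threshold) -> Metrics:
    """Alert when score >= threshold and count the four outcomes."""
    tp = sum(score >= threshold for score in attack)
    fp = sum(score >= threshold for score in benign)
    return Metrics(threshold, tp, fp, len(benign) - fp, len(attack) - tp)


def sweep(benign, attack):
    """Evaluate every distinct observed score as a candidate threshold."""
    return [evaluate(benign, attack, t) for t in sorted(set(benign) | set(attack))]


def pick_threshold(benign, attack, max_false_alarm_rate):
    """Most sensitive threshold within the false-alarm budget; ties go to higher precision."""
    allowed = [m for m in sweep(benign, attack)
               if m.false_alarm_rate <= max_false_alarm_rate]
    if not allowed:
        return None   # no setting meets the budget on this data
    return max(allowed, key=lambda m: (m.sensitivity, m.precision, m.threshold))


if __name__ == "__main__":
    print("thr   prec  sens  f1    far   acc")
    for m in sweep(BENIGN, ATTACK):
        print(f"{m.threshold:.2f}  {m.precision:.2f}  {m.sensitivity:.2f}  "
              f"{m.f1:.2f}  {m.false_alarm_rate:.2f}  {m.accuracy:.2f}")
    for budget in (0.10, 0.0):
        print(f"budget {budget:.2f} ->", pick_threshold(BENIGN, ATTACK, budget))
```

On this constructed data, a zero-false-alarm budget still yields 88% accuracy while missing three of five attacks, which is why accuracy alone says little on imbalanced IoT traffic.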
We also decided to present a detailed comparison of different security solutions for IoT environments, focusing on their applications, advantages, and limitations. This comparison is presented in Table 10. Each solution offers unique benefits in different IoT contexts but has limitations. Introducing such solutions requires understanding the trade-offs between computational requirements, implementation costs, and attack resistance. The presented comparison highlights the need for further research into solutions that can be more universal, scalable, and adapted to the constraints of IoT environments.

Research Limitations and Future Directions

While this research thoroughly examines defense and security in networks of connected devices, it has several limitations. For starters, the rapid advancement of IoT technology and its security models makes it practically impossible to keep up with every new development. Despite our efforts to include the most relevant and up-to-date research, this review may not cover emerging mechanisms. In this work, we reviewed the relevant methods from a theoretical perspective. Most surveyed methods do not consider practical implementation challenges regarding IoT devices’ scalability, computational overheads, and constrained energy resources. This indicates a gap in the studies conducted, and further investigations should analyse the practical deployment of these mechanisms in realistic IoT scenarios.
Another significant limitation is the lack of thorough benchmarking of the IDS and anomaly detection frameworks considered. Typically, there is a lack of standard datasets or uniform metrics for comparing various approaches and drawing definitive conclusions about the relative merit of the competing methods. Finally, this work concentrates on the defense mechanisms and does not extensively consider interdisciplinary factors, such as user behaviour, organisation policy, or economic factors that may influence IoT security.
Also, we can highlight here some directions for future work:
  • Future research should emphasise real-world testing of IDSs and anomaly detection frameworks, addressing false positives, adaptability, and long-term performance in dynamic IoT environments.
  • The development of consistent evaluation standards and publicly available datasets for the mechanisms in IoT security will help ensure fairness in innovation comparisons.
  • When designing low-power smart devices, creating power-efficient and computationally easy-to-perform security schemes is essential.

7. Conclusions

This manuscript comprehensively surveys security and defense mechanisms proposed for IoT environments. We focused on key agreement and authentication protocols (security mechanisms) and anomaly and cyber-attack detection methods (defense mechanisms). Our examination of the theoretical dimensions of IoT ecosystems, security and defense strategies, and potential cyber-attacks that may affect the security of these environments provides valuable insights and enhances the understanding of IoT security.
This review is distinctive in approaching the security mechanisms of IoT from two angles: the security protocols and the security systems. Unlike similar works, it systematically compares authentication and key agreement protocols, highlighting their crucial role in securing communication in IoT. Furthermore, the paper demonstrates the complementary nature of intrusion detection and prevention systems while stressing the need to integrate newer AI techniques for better anomaly detection.
This review differs from other reviews because, apart from compiling previous works, it also identifies gaps in research that need further investigation, such as energy-efficient designs and adaptable algorithms for combating persistent threats. These gaps point to possible future work, such as lightweight cryptographic protocols or scalable AI-powered methods against specific, localised attack scenarios.
Regarding the security mechanisms represented by security protocols, we highlighted the crucial role of authentication and key agreement processes during the communication between smart devices. The first process verifies the parties’ identities, and the second process improves the messages’ encryption. In reviewing anomaly and cyber-attack detection methods, we highlighted that various AI techniques can be used. Systems like IDSs and IPSs play complementary roles in security. They focus on monitoring network traffic and identifying suspicious events.
Furthermore, we emphasised the obstacles that security and defense systems must confront. Future security problems for IoT environments encompass enhancing scalability, optimising energy efficiency, augmenting privacy, and assuring resistance against cyber-attacks. We may address these concerns by optimising cloud infrastructure, blockchain consensus mechanisms, lightweight data processing algorithms, and sophisticated cryptographic protocols.
Detecting anomalies in large systems like IoT requires scalable algorithms for real-time data processing. As devices and data grow, systems must maintain high performance and low latency. Detection algorithms must be flexible enough to recognise new attacks and adapt to changing threats. Balancing false alarms against a high threat-detection rate is crucial, as false positives can reduce operational efficiency and increase incident management costs. Energy-efficient and resource-optimised detection methods are essential in resource-constrained systems. Detecting internal threats is also challenging, and each type of anomaly requires its own characteristics and data processing techniques.
Based on remarks from this review, our future research will focus on creating new security methods, such as lightweight, energy-efficient, and scalable security protocols. We will remember that IoT devices have limited resources, which makes implementing cryptographic algorithms too demanding. These limitations are connected to limited computing power, memory, or battery. Also, we will focus on testing AI methods in the case of less-known or niche attacks, which can have hazardous consequences for users and their data or devices.

Author Contributions

Conceptualization, S.S.; methodology, S.S. and J.P.; validation, S.S., J.P. and M.K.; investigation, S.S., J.P. and M.K.; data curation, S.S., J.P. and M.K.; writing—original draft preparation, S.S., J.P. and M.K.; writing—review and editing, S.S., J.P. and M.K.; visualization, S.S.; supervision, S.S.; project administration, S.S. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Not applicable.

Acknowledgments

The authors would like to express their deep gratitude to Mirosław Kurkowski, whose invaluable contributions made this work possible. Mirosław Kurkowski sadly passed away during the preparation of this manuscript, and we dedicate this work to their memory.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
6LoWPAN: IPv6 over Low-Power Wireless Personal Area Network
AI: Artificial Intelligence
BAN logic: Burrows, Abadi, Needham logic
CIL: Continuous Incremental Learning
CNN: Convolutional Neural Network
DT: Decision Tree
ECC: Elliptic Curve Cryptography
(D)DoS: (Distributed) Denial of Service
FCG: Function Call Graph
GB: Gradient Boosting
GNN: Graph Neural Network
GT: Genetic Algorithm
IoT: Internet of Things
IDS: Intrusion Detection System
IPS: Intrusion Prevention System
KNN: K Nearest Neighbour
LSTM: Long Short-Term Memory
MITM: Man in the Middle
PUF: Physically Unclonable Functions
PCA: Principal Component Analysis
RF: Random Forest
ROM: Random Oracle Model
ROR: Real-or-Random Model
SVM: Support Vector Machine
TF-IDF: Term Frequency–Inverse Document Frequency
TIML: Temporal–Incremental Malware Learning
TLS: Transport Layer Security

References

  1. Szymoniak, S. Key Distribution and Authentication Protocols in Wireless Sensor Networks: A Survey. ACM Comput. Surv. 2024, 56, 1–31.
  2. Szymoniak, S. Security protocol for securing notifications about dangerous events in the agglomeration. Pervasive Mob. Comput. 2024, 105, 101977.
  3. Zangaraki, S.; Mirabi, M.; Erfani, S.H.; Sahafi, A. SecShield: An IoT access control framework with edge caching using software defined network. Peer-to-Peer Netw. Appl. 2025, 18, 1–17.
  4. Sun, P.; Shen, S.; Wan, Y.; Wu, Z.; Fang, Z.; Gao, X.z. A survey of iot privacy security: Architecture, technology, challenges, and trends. IEEE Internet Things J. 2024, 11, 34567–34591.
  5. Khan, S.; Karthiga, I.; Palav, M.R.; Poorani, S.; Tejasri, V.; Maaliw III, R.R.; Shahul, A. IoE-Based Systems for Real-Time Health Data Analytics. In Role of Internet of Everything (IOE), VLSI Architecture, and AI in Real-Time Systems; IGI Global Scientific Publishing: Hershey, PA, USA, 2025; pp. 371–386.
  6. Mu, X.; Antwi-Afari, M.F. The applications of Internet of Things (IoT) in industrial management: A science mapping review. Int. J. Prod. Res. 2024, 62, 1928–1952.
  7. Bahari, N.; Azmi, N.I.M.N.; Nasrudin, M.W.; Yob, R.C.; Ramli, N.H.; Lago, H. IoT Based Earthquake Detection System. J. Adv. Res. Appl. Sci. Eng. Technol. 2025, 51, 160–170.
  8. Has, M.; Kreković, D.; Kušek, M.; Podnar Žarko, I. Efficient Data Management in Agricultural IoT: Compression, Security, and MQTT Protocol Analysis. Sensors 2024, 24, 3517.
  9. Sahu, B.L.; Chandrakar, P. Blockchain-oriented secure communication and smart parking model for internet of electric vehicles in smart cities. Peer-to-Peer Netw. Appl. 2025, 18, 1–17.
  10. Górski, T.; Stecz, W. A Method for Modeling and Testing Near-Real-Time System Scenarios. Appl. Sci. 2024, 14, 2023.
  11. Rekeraho, A.; Cotfas, D.T.; Cotfas, P.A.; Bălan, T.C.; Tuyishime, E.; Acheampong, R. Cybersecurity challenges in IoT-based smart renewable energy. Int. J. Inf. Secur. 2024, 23, 101–117.
  12. Alfatemi, A.; Rahouti, M.; Hsu, D.F.; Schweikert, C.; Ghani, N.; Solyman, A.; Assaqty, M.I.S. Identifying Distributed Denial of Service Attacks through Multi-Model Deep Learning Fusion and Combinatorial Analysis. J. Netw. Syst. Manag. 2025, 33, 8.
  13. Im, H.; Lee, D.; Lee, S. A Novel Architecture for an Intrusion Detection System Utilizing Cross-Check Filters for In-Vehicle Networks. Sensors 2024, 24, 2807.
  14. Abdalla, A.S.; Tang, B.; Marojevic, V. AI at the Physical Layer for Wireless Network Security and Privacy. Artif. Intell. Future Netw. 2025, 341–380.
  15. Zhao, J.; Huang, F.; Hu, H.; Liao, L.; Wang, D.; Fan, L. User security authentication protocol in multi gateway scenarios of the Internet of Things. Ad Hoc Netw. 2024, 156, 103427.
  16. AlJabri, Z.; Abawajy, J.; Huda, S. MDS-Based Cloned Device Detection in IoT-Fog Network. IEEE Internet Things J. 2024, 11, 22128–22139.
  17. Zhu, W.; Chen, X.; Jiang, L. A secure and efficient authentication key agreement scheme for industrial internet of things based on edge computing. Alex. Eng. J. 2024, 101, 52–61.
  18. Thakur, G.; Prajapat, S.; Kumar, P.; Chen, C.M. A privacy-preserving three-factor authentication system for IoT-enabled wireless sensor networks. J. Syst. Archit. 2024, 154, 103245.
  19. Liu, C.H.; Wu, Z.Y. Advanced authentication of IoT sensor network for industrial safety. Internet Things 2024, 27, 101297.
  20. Manjula, H.; Chaitra, M.; Channaraju, A.; Nehashree, K.; Navya, K.; Kiran, C. Intrusion Detection System to detect impersonation attacks in IoT networks. In Proceedings of the 2024 International Conference on Intelligent and Innovative Technologies in Computing, Electrical and Electronics (IITCEE), Bangalore, India, 24–25 January 2024; pp. 1–6.
  21. Szymoniak, S.; Depta, F.; Karbowiak, Ł.; Kubanek, M. Trustworthy Artificial Intelligence Methods for Users’ Physical and Environmental Security: A Comprehensive Review. Appl. Sci. 2023, 13, 12068.
  22. Reddy, D.K.K.; Nayak, J.; Behera, H.; Shanmuganathan, V.; Viriyasitavat, W.; Dhiman, G. A Systematic Literature Review on Swarm Intelligence Based Intrusion Detection System: Past, Present and Future. Arch. Comput. Methods Eng. 2024, 31, 2717–2784.
  23. Prabu, K.; Sudhakar, P. A Comprehensive Survey: Exploring Current Trends and Challenges in Intrusion Detection and Prevention Systems in the Cloud Computing Paradigm. In Proceedings of the 2024 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT), Bengaluru, India, 4–6 January 2024; pp. 351–358.
  24. Bhattacharya, T.; Peddi, A.V.; Ponaganti, S.; Veeramalla, S.T. A survey on various security protocols of edge computing. J. Supercomput. 2025, 81, 310.
  25. Shojaei, P.; Vlahu-Gjorgievska, E.; Chow, Y.W. Security and privacy of technologies in health information systems: A systematic literature review. Computers 2024, 13, 41.
  26. Asaad, R.R.; Zeebaree, S.R. Enhancing Security and Privacy in Distributed Cloud Environments: A Review of Protocols and Mechanisms. Acad. J. Nawroz Univ. 2024, 13, 476–488.
  27. Ashrif, F.F.; Sundararajan, E.A.; Ahmad, R.; Hasan, M.K.; Yadegaridehkordi, E. Survey on the authentication and key agreement of 6LoWPAN: Open issues and future direction. J. Netw. Comput. Appl. 2024, 221, 103759.
  28. Shahidinejad, A.; Abawajy, J. An all-inclusive taxonomy and critical review of blockchain-assisted authentication and session key generation protocols for IoT. ACM Comput. Surv. 2024, 56, 1–38.
  29. Hossain, M.; Kayas, G.; Hasan, R.; Skjellum, A.; Noor, S.; Islam, S.R. A Holistic Analysis of Internet of Things (IoT) Security: Principles, Practices, and New Perspectives. Future Internet 2024, 16, 40.
  30. Kokila, M.; Reddy, S. Authentication, Access Control and Scalability models in Internet of Things Security-A Review. Cyber Secur. Appl. 2024, 3, 100057.
  31. Magara, T.; Zhou, Y. Internet of Things (IoT) of Smart Homes: Privacy and Security. J. Electr. Comput. Eng. 2024, 2024, 7716956.
  32. Sahu, S.K.; Mazumdar, K. Exploring security threats and solutions Techniques for Internet of Things (IoT): From vulnerabilities to vigilance. Front. Artif. Intell. 2024, 7, 1397480.
  33. Pirbhulal, S.; Chockalingam, S.; Shukla, A.; Abie, H. IoT cybersecurity in 5G and beyond: A systematic literature review. Int. J. Inf. Secur. 2024, 23, 2827–2879.
  34. Lakhani, R. Cybersecurity Threats in Internet of Things (IoT) Networks: Vulnerabilities and Defense Mechanisms. Val. Int. J. Digit. Libr. 2023, 25965–25980.
  35. Santhosh Kumar, S.; Selvi, M.; Kannan, A. A Comprehensive Survey on Machine Learning-Based Intrusion Detection Systems for Secure Communication in Internet of Things. Comput. Intell. Neurosci. 2023, 2023, 8981988.
  36. Vishwakarma, R.; Jain, A.K. A survey of DDoS attacking techniques and defence mechanisms in the IoT network. Telecommun. Syst. 2020, 73, 3–25.
  37. Al-Otaibi, S.Z. Data Security Challenges with its Defence Strategies of Internet of Things: Critical Review Study. Commun. Math. Appl. 2022, 13, 401.
  38. Dauda, A.; Flauzac, O.; Nolot, F. A Survey on IoT Application Architectures. Sensors 2024, 24, 5320.
  39. Klein, S. IoT Solutions in Microsoft’s Azure IoT Suite; Springer: Berlin/Heidelberg, Germany, 2017.
  40. Jamil, M.N.; Schelén, O.; Monrat, A.A.; Andersson, K. Enabling Industrial Internet of Things by Leveraging Distributed Edge-to-Cloud Computing: Challenges and Opportunities. IEEE Access 2024, 12, 127294–127308.
  41. Gupta, D.; Bhatt, S.; Gupta, M.; Kayode, O.; Tosun, A.S. Access control model for google cloud iot. In Proceedings of the 2020 IEEE 6th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing,(HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), Baltimore, MD, USA, 25–27 May 2020; pp. 198–208.
  42. Kadayat, Y.; Sharma, S.; Agarwal, P.; Mohan, S. Internet-of-Things Enabled Smart Health Monitoring System Using AutoAI: A Graphical Tool of IBM Watson Studio. In Communication Technologies and Security Challenges in IoT: Present and Future; Springer: Berlin/Heidelberg, Germany, 2024; pp. 427–445.
  43. Qian, M.; Qian, C.; Xu, G.; Tian, P.; Yu, W. Smart Irrigation Systems from Cyber–Physical Perspective: State of Art and Future Directions. Future Internet 2024, 16, 234.
  44. Priyadarshi, S.; Subudhi, S.; Kumar, S.; Bhardwaj, D.; Mohapatra, H. Analysis on Enhancing Urban Mobility With IoT-Integrated Parking Solutions. In Interdisciplinary Approaches to Transportation and Urban Planning; IGI Global: Hershey, PA, USA, 2025; pp. 143–172.
  45. ur Rehman, A.; Alblushi, I.G.M.; Zia, M.F.; Khalid, H.M.; Inayat, U.; Benbouzid, M.; Muyeen, S.; Hussain, G.A. A solar-powered multi-functional portable charging device (SPMFPCD) with internet-of-things (IoT)-based real-time monitoring—An innovative scheme towards energy access and management. Green Technol. Sustain. 2025, 3, 100134.
  46. Wilhelm, S.; Wahl, F. Emergency Detection in Smart Homes Using Inactivity Score for Handling Uncertain Sensor Data. Sensors 2024, 24, 6583.
  47. Mansoor, K.; Afzal, M.; Iqbal, W.; Abbas, Y. Securing the future: Exploring post-quantum cryptography for authentication and user privacy in IoT devices. Clust. Comput. 2025, 28, 93.
  48. Singh, S.; Sharma, P.K.; Moon, S.Y.; Park, J.H. Advanced lightweight encryption algorithms for IoT devices: Survey, challenges and solutions. J. Ambient. Intell. Humaniz. Comput. 2024, 15, 1625–1642.
  49. Sasikumar, K.; Nagarajan, S. Comprehensive Review and Analysis of Cryptography Techniques in Cloud Computing. IEEE Access 2024, 12, 52325–52351.
  50. Simmons, G.J. Symmetric and Asymmetric Encryption. ACM Comput. Surv. 1979, 11, 305–330.
  51. Clemente-Lopez, D.; de Jesus Rangel-Magdaleno, J.; Muñoz-Pacheco, J.M. A lightweight chaos-based encryption scheme for IoT healthcare systems. Internet Things 2024, 25, 101032.
  52. Abusukhon, A.; AlZu’bi, S. New Direction of Cryptography: A Review on Text-to-Image Encryption Algorithms Based on RGB Color Value. In Proceedings of the 2020 Seventh International Conference on Software Defined Systems, SDS 2020, Paris, France, 20–23 April 2020; IEEE: New York City, NY, USA, 2020; pp. 235–239.
  53. Sanchez-Avila, C.; Sanchez-Reillol, R. The Rijndael block cipher (AES proposal): A comparison with DES. In Proceedings of the IEEE 35th Annual 2001 International Carnahan Conference on Security Technology (Cat. No. 01CH37186), London, UK, 16–19 October 2001; pp. 229–234.
  54. Rivest, R.; Shamir, A.; Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 1978, 21, 120–126.
  55. Wali, A.; Ravichandran, H.; Das, S. A 2D cryptographic hash function incorporating homomorphic encryption for secure digital signatures. Adv. Mater. 2024, 36, 2400661.
  56. Sinha, M.K.; Prayesi, K.P. Hash functions and message digest. In Next Generation Mechanisms for Data Encryption; CRC Press: Boca Raton, FL, USA, 2025; pp. 47–63.
  57. Santos, C.E., Jr.; Silva, L.M.d.; Torquato, M.F.; Silva, S.N.; Fernandes, M.A. SHA-256 Hardware Proposal for IoT Devices in the Blockchain Context. Sensors 2024, 24, 3908.
  58. Castelo, S.E.S.; Apostol IV, R.J.L.; Cortez, D.M.A.; Dioses, R.M.; Blanco, M.C.R.; Agustin, V.A. Modification of SHA-512 using Bcrypt and salt for secure email hashing. Indones. J. Electr. Eng. Comput. Sci. 2024, 33, 398–404.
  59. Zhang, H.; Liu, X.; Li, B. FPGA Implementation of Elliptic Curve Digital Signature Algorithm Based on PUFs. In Proceedings of the 2024 9th International Conference on Signal and Image Processing (ICSIP), Nanjing, China, 12–14 July 2024; pp. 520–525.
  60. Cheng, T.; Wu, Z.; Wang, C.; Shi, Q.; Zhang, X.; Xu, P. Research on vehicle-to-cloud communication based on lightweight authentication and extended quantum key distribution. IEEE Trans. Veh. Technol. 2024, 73, 12082–12095.
  61. Rani, D.; Tripathi, S. Design of blockchain-based authentication and key agreement protocol for health data sharing in cooperative hospital network. J. Supercomput. 2024, 80, 2681–2717.
  62. Wen, H.; Lin, Y.; Feng, Z. Cryptanalyzing a bit-level image encryption algorithm based on chaotic maps. Eng. Sci. Technol. Int. J. 2024, 51, 101634.
  63. Singla, S.; Sodhi, N.S. Cryptography in practice. In Next Generation Mechanisms for Data Encryption; CRC Press: Boca Raton, FL, USA, 2025; pp. 164–183.
  64. Khan, R.; Eldeeb, H.B.; Mefgouda, B.; Alhussein, O.; Saleh, H.; Muhaidat, S. Encoder decoder-based Virtual Physically Unclonable Function for Internet of Things device authentication using split-learning. Comput. Secur. 2025, 148, 104164.
  65. Fuller, B. Impossibility of efficient information-theoretic fuzzy extraction. Des. Codes Cryptogr. 2024, 92, 1983–2009.
  66. Ifrim, R.; Loghin, D.; Popescu, D. A Systematic Review of Fast, Scalable, and Efficient Hardware Implementations of Elliptic Curve Cryptography for Blockchain. ACM Trans. Reconfigurable Technol. Syst. 2024, 17, 1–33.
  67. Adeniyi, A.E.; Jimoh, R.G.; Awotunde, J.B. A systematic review on elliptic curve cryptography algorithm for internet of things: Categorization, application areas, and security. Comput. Electr. Eng. 2024, 118, 109330.
  68. Wu, Y.; Xiong, H.; Khan, F.; Ijaz, S.; Alturki, R.; Aljohani, A. Efficient and provably secured puncturable attribute-based signature for Web 3.0. Future Gener. Comput. Syst. 2024, 164, 107568.
  69. Kaur, G. Privacy implications of central bank digital currencies (CBDCs): A systematic review of literature. EDPACS 2024, 69, 87–123.
  70. Szymoniak, S.; Kubanek, M. Ethics in Internet of Things security: Challenges and opportunities. Lead. Role Smart Ethics Digit. World 2024, 1, 123–133.
  71. Chu, Q.; Chen, J. Tightly Secure (H) IBE in the Random Oracle Model. Theor. Comput. Sci. 2024, 1007, 114674.
  72. Burrows, M.; Abadi, M.; Needham, R.M. A logic of authentication. Proc. R. Soc. Lond. A Math. Phys. Sci. 1989, 426, 233–271.
  73. Wang, K.; Dong, J.; Xu, Y.; Ji, X.; Sha, L.; Xiao, F. READ: Resource efficient authentication scheme for digital twin edge networks. Future Gener. Comput. Syst. 2025, 163, 107498.
  74. Belfaik, Y.; Lotfi, Y.; Sadqi, Y.; Safi, S. A Comparative Study of Protocols’ Security Verification Tools: Avispa, Scyther, ProVerif, and Tamarin. In Proceedings of the International Conference on Digital Technologies and Applications, Benguerir, Morocco, 2–3 February 2024; Springer: Cham, Switzerland, 2024; pp. 118–128. [Google Scholar]
  75. Soundararajan, G.; Tyagi, A.K. Blockchain technology: An introduction. In Blockchain Technology in the Automotive Industry; CRC Press: Boca Raton, FL, USA, 2025; pp. 3–36. [Google Scholar]
  76. Verma, P.; Srivastava, R.; Kumar, S. Blockchain Technology: Applications and Challenges. In Blockchain for IoT Systems; Chapman and Hall/CR: London, UK, 2025; pp. 1–12. [Google Scholar]
  77. Islam, M.S.; Rahman, M.A.; Bin Ameedeen, M.A.; Ajra, H.; Ismail, Z.B.; Zain, J.M. Blockchain-Enabled Cybersecurity Provision for Scalable Heterogeneous Network: A Comprehensive Survey. CMES-Comput. Model. Eng. Sci. 2024, 138, 43. [Google Scholar] [CrossRef]
  78. Yan, Z.; Zhao, X.; Liu, Y.; Luo, X.R. Blockchain-driven Decentralized Identity Management: An Interdisciplinary Review and Research Agenda. Inf. Manag. 2024, 61, 104026. [Google Scholar] [CrossRef]
  79. Azad, M.A.; Abdullah, S.; Arshad, J.; Lallie, H.; Ahmed, Y.H. Verify and trust: A multidimensional survey of zero-trust security in the age of IoT. Internet Things 2024, 27, 101227. [Google Scholar] [CrossRef]
  80. Madani, B.; Sadoudi, S.; Kaibou, R. Fast and efficient hardware architecture of Chebyshev polynomials algorithm for resisting to side channel attacks. J. Supercomput. 2025, 81, 252. [Google Scholar] [CrossRef]
  81. Muzammil, M.B.; Bilal, M.; Ajmal, S.; Shongwe, S.C.; Ghadi, Y.Y. Unveiling Vulnerabilities of Web Attacks Considering Man in the Middle Attack and Session Hijacking. IEEE Access 2024, 12, 6365–6375.
  82. Aldosary, A.; Tanveer, M. PAAF-SHS: PUF and authenticated encryption based authentication framework for the IoT-enabled smart healthcare system. Internet Things 2024, 26, 101159.
  83. Cheh, C.; Keefe, K.; Feddersen, B.; Chen, B.; Temple, W.G.; Sanders, W.H. Developing models for physical attacks in cyber-physical systems. In Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and Privacy, Dallas, TX, USA, 3 November 2017; pp. 49–55.
  84. Chae, M.; Shin, W.; Jung, S.; Yeom, J.; Jeon, D.; Kim, H. The Threat of Password Guessing Attacks Exploiting Linguistic Characteristics: A Case Study on the Korean Domains. In Proceedings of the 2024 Silicon Valley Cybersecurity Conference (SVCC), Seoul, Republic of Korea, 17–19 June 2024; pp. 1–4.
  85. Uddin, R.; Kumar, S.A.; Chamola, V. Denial of service attacks in edge computing layers: Taxonomy, vulnerabilities, threats and solutions. Ad Hoc Netw. 2024, 152, 103322.
  86. Aljohani, T.; Almutairi, A. Modeling time-varying wide-scale distributed denial of service attacks on electric vehicle charging Stations. Ain Shams Eng. J. 2024, 15, 102860.
  87. Manickam, M.; Devarajan, G.G. An improved three factor authentication protocol for wireless body area networks. Cyber Secur. Appl. 2025, 3, 100062.
  88. Ahmed, A.A.; Hasan, M.K.; Aman, A.H.; Safie, N.; Islam, S.; Ahmed, F.R.A.; Ahmed, T.E.; Pandey, B.; Rzayeva, L. Review on hybrid deep learning models for enhancing encryption techniques against side channel attacks. IEEE Access 2024, 12, 188435–188453.
  89. Merlino, V.; Allegra, D. Energy-based approach for attack detection in IoT devices: A survey. Internet Things 2024, 27, 101306.
  90. Touré, A.; Imine, Y.; Semnont, A.; Delot, T.; Gallais, A. A framework for detecting zero-day exploits in network flows. Comput. Netw. 2024, 248, 110476.
  91. Gelgi, M.; Guan, Y.; Arunachala, S.; Samba Siva Rao, M.; Dragoni, N. Systematic Literature Review of IoT Botnet DDOS Attacks and Evaluation of Detection Techniques. Sensors 2024, 24, 3571.
  92. Hadi, H.J.; Cao, Y.; Li, S.; Ahmad, N.; Alshara, M.A. FCG-MFD: Benchmark function call graph-based dataset for malware family detection. J. Netw. Comput. Appl. 2025, 233, 104050.
  93. Manzil, H.H.R.; Naik, S.M. Detection approaches for android malware: Taxonomy and review analysis. Expert Syst. Appl. 2024, 238, 122255.
  94. Bensaoud, A.; Kalita, J.; Bensaoud, M. A survey of malware detection using deep learning. Mach. Learn. Appl. 2024, 16, 100546.
  95. Liu, J.; Xie, G.; Wang, J.; Li, S.; Wang, C.; Zheng, F.; Jin, Y. Deep industrial image anomaly detection: A survey. Mach. Intell. Res. 2024, 21, 104–135.
  96. Mašková, M.; Zorek, M.; Pevný, T.; Šmídl, V. Deep anomaly detection on set data: Survey and comparison. Pattern Recognit. 2024, 151, 110381.
  97. Esmaeili-Falak, M.; Benemaran, R.S. Ensemble extreme gradient boosting based models to predict the bearing capacity of micropile group. Appl. Ocean. Res. 2024, 151, 104149.
  98. de Barros, G.L.; Silva, F.; Teixeira, R.; Wagner, J.; Rombaldi, C.; Vizzotto, M.; Ubeyitogullari, A.; Nora, L. Anthocyanin extraction methods: Synthesis of morpho-anatomical knowledge for decision-making based on decision-tree. Int. J. Food Prop. 2024, 27, 1315–1346.
  99. Kratzert, F.; Gauch, M.; Klotz, D.; Nearing, G. HESS Opinions: Never train a Long Short-Term Memory (LSTM) network on a single basin. Hydrol. Earth Syst. Sci. 2024, 28, 4187–4201.
  100. Chen, F.; Li, S.; Han, J.; Ren, F.; Yang, Z. Review of lightweight deep convolutional neural networks. Arch. Comput. Methods Eng. 2024, 31, 1915–1937.
  101. Sun, Z.; Wang, G.; Li, P.; Wang, H.; Zhang, M.; Liang, X. An improved random forest based on the classification accuracy and correlation measurement of decision trees. Expert Syst. Appl. 2024, 237, 121549.
  102. Hasan, N.; Ahmed, N.; Ali, S.M. Improving sporadic demand forecasting using a modified k-nearest neighbor framework. Eng. Appl. Artif. Intell. 2024, 129, 107633.
  103. Kavitha, S.; Kaulgud, N. Quantum machine learning for support vector machine classification. Evol. Intell. 2024, 17, 819–828.
  104. Shahin, M.; Maghanaki, M.; Hosseinzadeh, A.; Chen, F.F. Advancing Network Security in Industrial IoT: A Deep Dive into AI-Enabled Intrusion Detection Systems. Adv. Eng. Inform. 2024, 62, 102685.
  105. Almehdhar, M.; Albaseer, A.; Khan, M.A.; Abdallah, M.; Menouar, H.; Al-Kuwari, S.; Al-Fuqaha, A. Deep learning in the fast lane: A survey on advanced intrusion detection systems for intelligent vehicle networks. IEEE Open J. Veh. Technol. 2024, 5, 869–906.
  106. Chondrogiannis, E.; Karanastasis, E.; Andronikou, V.; Varvarigou, T. A Network-Based Intrusion Detection System Based on Widely Used Cybersecurity Datasets and State of the Art ML Techniques. In Proceedings of the IFIP International Conference on Artificial Intelligence Applications and Innovations, Corfu, Greece, 27–30 June 2024; Springer: Cham, Switzerland, 2024; pp. 287–300.
  107. Satilmiş, H.; Akleylek, S.; Tok, Z.Y. A Systematic Literature Review on Host-Based Intrusion Detection Systems. IEEE Access 2024, 12, 27237–27266.
  108. Shalabi, K.; Al-Haija, Q.A.; Al-Fayoumi, M. A Blockchain-based Intrusion Detection/Prevention Systems in IoT Network: A Systematic Review. Procedia Comput. Sci. 2024, 236, 410–419.
  109. Quadar, N.; Chehri, A.; Debaque, B.; Ahmed, I.; Jeon, G. Intrusion Detection Systems in Automotive Ethernet Networks: Challenges, Opportunities and Future Research Trends. IEEE Internet Things Mag. 2024, 7, 62–68.
  110. Tanveer, M.; Bhutta, M.N.M.; Alzahrani, B.A.; Albeshri, A.; Alsubhi, K.; Chaudhry, S.A. CMAP-IoT: Chaotic map-based authentication protocol for crowdsourcing internet of things. Arab. J. Sci. Eng. 2024, 49, 3453–3466.
  111. Kumar Singh, V.; Mishra, S. A truthful mechanism for time-bound tasks in IoT-based crowdsourcing with zero budget. Multimed. Tools Appl. 2024, 83, 9873–9892.
  112. Stodt, F.; Reich, C. Bridge of Trust: Cross Domain Authentication for Industrial Internet of Things (IIoT) Blockchain over Transport Layer Security (TLS). Electronics 2023, 12, 2401.
  113. Turner, S. Transport layer security. IEEE Internet Comput. 2014, 18, 60–63.
  114. Ehuil, B.B.; Chen, C.; Wang, S.; Guo, H.; Liu, J.; Ren, J. A secure mutual authentication protocol based on visual cryptography technique for IoT-Cloud. Chin. J. Electron. 2024, 33, 43–57.
  115. Li, S.; Huang, Y.; Yu, B. A practical and flexible PUF-based end-to-end anonymous authentication protocol for IoT. Comput. Netw. 2024, 247, 110426.
  116. Rührmair, U.; Sölter, J. PUF modeling attacks: An introduction and overview. In Proceedings of the 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 24–28 March 2014; pp. 1–6.
  117. Ali, R.; Pal, A.K.; Kumari, S.; Sangaiah, A.K.; Li, X.; Wu, F. An enhanced three factor based authentication protocol using wireless medical sensor networks for healthcare monitoring. J. Ambient. Intell. Humaniz. Comput. 2024, 15, 1165–1186.
  118. Fatima, S.; Akram, M.A.; Mian, A.N.; Kumari, S.; Chen, C.M. On the Security of a Blockchain and PUF-Based Lightweight Authentication Protocol for Wireless Medical Sensor Networks. Wirel. Pers. Commun. 2024, 9, 8883–8891.
  119. Wang, W.; Chen, Q.; Yin, Z.; Srivastava, G.; Gadekallu, T.R.; Alsolami, F.; Su, C. Blockchain and PUF-based lightweight authentication protocol for wireless medical sensor networks. IEEE Internet Things J. 2021, 9, 8883–8891.
  120. Li, N.; Ma, M.; Wang, H. ASAP-IIOT: An Anonymous Secure Authentication Protocol for Industrial Internet of Things. Sensors 2024, 24, 1243.
  121. Rao, A.S.V.; Roy, P.K.; Amgoth, T.; Bhattacharya, A. A deep learning-based authentication protocol for IoT-enabled LTE systems. Future Gener. Comput. Syst. 2024, 154, 451–464.
  122. Ali, H.; Ahmed, I. LAAKA: Lightweight Anonymous Authentication and Key Agreement Scheme for Secure Fog-driven IoT Systems. Comput. Secur. 2024, 140, 103770.
  123. Raza, A.; Khan, S.; Shrivastava, S.; Ashraf, M.W.A.; Wang, T.; Wu, K.; Wang, L. A lightweight group-based SDN-driven encryption protocol for smart home IoT devices. Comput. Netw. 2024, 250, 110537.
  124. Tomar, A.; Gupta, N.; Rani, D.; Tripathi, S. Blockchain-assisted authenticated key agreement scheme for IoT-based healthcare system. Internet Things 2023, 23, 100849.
  125. Wu, T.Y.; Wang, L.; Chen, C.M. Enhancing the security: A lightweight authentication and key agreement protocol for smart medical services in the ioht. Mathematics 2023, 11, 3701.
  126. Abdussami, M.; Dwivedi, S.K.; Al-Shehari, T.; Saravanan, P.; Kadrie, M.; Alfakih, T.; Alsalman, H.; Amin, R. DEAC-IoT: Design of lightweight authenticated key agreement protocol for Intra and Inter-IoT device communication using ECC with FPGA implementation. Comput. Electr. Eng. 2024, 120, 109696.
  127. Melo, C.; Gonçalves, G.; Silva, F.A.; Soares, A. A comprehensive hyperledger fabric performance evaluation based on resources capacity planning. Clust. Comput. 2024, 27, 12395–12410.
  128. Kumari, D.; Singh, K. Lightweight secure authentication and key agreement technique for smart grid. Peer-to-Peer Netw. Appl. 2024, 17, 451–478.
  129. Dolev, D.; Yao, A.C. On the Security of Public Key Protocols. In Proceedings of the 22nd Annual Symposium on Foundations of Computer Science (SFCS 1981), Washington, DC, USA, 28–30 October 1981; pp. 350–357.
  130. Patonico, S.; Braeken, A.; Steenhaut, K. Identity-based and anonymous key agreement protocol for fog computing resistant in the Canetti–Krawczyk security model. Wirel. Netw. 2023, 29, 1017–1029.
  131. Modarres, A.M.A.; Anzabi-Nezhad, N.S.; Zare, M. A New PUF-Based Protocol for Mutual Authentication and Key Agreement Between Three Layers of Entities in Cloud-Based IoMT Networks. IEEE Access 2024, 12, 21807–21824.
  132. Kumar, U.; Garg, M.; Chaudhary, D. Design and analysis of a post-quantum secure three party authenticated key agreement protocol based on ring learning with error for mobile device. J. Supercomput. 2025, 81, 9.
  133. Ghani, A.; Jan, S.U.; Chaudhry, S.A.; Ahmad, R.; Kim, D.H. MCDH-SLKAP: Modified Computational Diffie-Hellman based Secure and Lightweight Key Agreement Protocol for Decentralized Edge Computing Networks. IEEE Access 2024, 12, 133923–133936.
  134. Bahache, A.N.; Chikouche, N.; Akleylek, S. Securing Cloud-based Healthcare Applications with a Quantum-resistant Authentication and Key Agreement Framework. Internet Things 2024, 26, 101200.
  135. Ghashghaei, F.R.; Ahmed, Y.; Elmrabit, N.; Yousefi, M. Enhancing the Security of Classical Communication with Post-Quantum Authenticated-Encryption Schemes for the Quantum Key Distribution. Computers 2024, 13, 163.
  136. Ravi, P.; Chattopadhyay, A.; D’Anvers, J.P.; Baksi, A. Side-channel and fault-injection attacks over lattice-based post-quantum schemes (Kyber, Dilithium): Survey and new results. ACM Trans. Embed. Comput. Syst. 2024, 23, 1–54.
  137. Goswami, C.; Adhikari, A.; Sahoo, S.K.; Sarkar, P. Authenticated key agreement for IoT network using HECC and CRT four co-primes. Peer-to-Peer Netw. Appl. 2024, 17, 2397–2414.
  138. Yadav, A.; Sharma, P.; Gigras, Y. A Comparative Study of Elliptic curve and Hyperelliptic Curve Cryptography Methods and an Overview of Their Applications. In Proceedings of the 2024 International Conference on Intelligent Systems for Cybersecurity (ISCS), Gurugram, India, 3–4 May 2024; pp. 01–06.
  139. Routis, G.; Dagas, P.; Roussaki, I. Enhancing Privacy in the Internet of Vehicles via Hyperelliptic Curve Cryptography. Electronics 2024, 13, 730.
  140. Pei, D.; Salomaa, A.; Ding, C. Chinese Remainder Theorem: Applications in Computing, Coding, Cryptography; World Scientific: Singapore, 1996.
  141. Douiba, M.; Benkirane, S.; Guezzaz, A.; Azrour, M. Anomaly detection model based on gradient boosting and decision tree for IoT environments security. J. Reliab. Intell. Environ. 2023, 9, 421–432.
  142. Aldhyani, T.H.; Alkahtani, H. Cyber security for detecting distributed denial of service attacks in agriculture 4.0: Deep learning model. Mathematics 2023, 11, 233.
  143. Altulaihan, E.; Almaiah, M.A.; Aljughaiman, A. Anomaly Detection IDS for Detecting DoS Attacks in IoT Networks Based on Machine Learning Algorithms. Sensors 2024, 24, 713.
  144. Xie, S.; Li, L.; Zhu, Y. Anomaly detection for multivariate time series in IoT using discrete wavelet decomposition and dual graph attention networks. Comput. Secur. 2024, 146, 104075.
  145. Bhatia, M.; Sangwan, S.R. Soft computing for anomaly detection and prediction to mitigate IoT-based real-time abuse. Pers. Ubiquitous Comput. 2024, 28, 123–133.
  146. Alangari, S. An unsupervised machine learning algorithm for attack and anomaly detection in IoT Sensors. Wirel. Pers. Commun. 2024, 1–25.
  147. Le, K.N.T.; Dang, T.B.; Le, D.T.; Raza, S.M.; Kim, M.; Choo, H. VEAD: Variance profile Exploitation for Anomaly Detection in real-time IoT data streaming. Internet Things 2024, 25, 100994.
  148. Alsalman, D. A Comparative Study of Anomaly Detection Techniques for IoT Security using AMoT (Adaptive Machine Learning for IoT Threats). IEEE Access 2024, 12, 14719–14730.
  149. Muñoz, L.A.; Martínez, J.V.B.; Pérez, F.M.; Fonseca, I.L. Anomaly detection system for data quality assurance in IoT infrastructures based on machine learning. Internet Things 2024, 25, 101095.
  150. Souri, A.; Norouzi, M.; Alsenani, Y. A new cloud-based cyber-attack detection architecture for hyper-automation process in industrial internet of things. Clust. Comput. 2024, 27, 3639–3655.
  151. Ehmer, J.; Savaria, Y.; Granado, B.; David, J.P.; Denoulet, J. Network Attack Classification with a Shallow Neural Network for Internet and Internet of Things (IoT) Traffic. Electronics 2024, 13, 3318.
  152. Yang, J.; Li, H.; He, L.; Xiang, T.; Jin, Y. MDADroid: A novel malware detection method by constructing functionality-API mapping. Comput. Secur. 2024, 146, 104061.
  153. Ludwig, S.; Rausch, A.; Deutscher, V.; Seifried, J. Predicting problem-solving success in an office simulation applying N-grams and a random forest to behavioral process data. Comput. Educ. 2024, 218, 105093.
  154. Liu, Z.; Wang, R.; Japkowicz, N.; Gomes, H.M.; Peng, B.; Zhang, W. SeGDroid: An Android malware detection method based on sensitive function call graph learning. Expert Syst. Appl. 2024, 235, 121125.
  155. Sun, Y.; Zhu, D.; Wang, Y.; Fu, Y.; Tian, Z. GTC: GNN-Transformer co-contrastive learning for self-supervised heterogeneous graph representation. Neural Netw. 2025, 181, 106645.
  156. Johnson, S.J.; Murty, M.R.; Navakanth, I. A detailed review on word embedding techniques with emphasis on word2vec. Multimed. Tools Appl. 2024, 83, 37979–38007.
  157. Feng, P.; Gai, L.; Yang, L.; Wang, Q.; Li, T.; Xi, N.; Ma, J. DawnGNN: Documentation augmented windows malware detection using graph neural network. Comput. Secur. 2024, 140, 103788.
  158. Huang, Y.; Liu, J.; Xiang, X.; Wen, P.; Wen, S.; Chen, Y.; Chen, L.; Zhang, Y. Malware Identification Method in Industrial Control Systems Based on Opcode2vec and CVAE-GAN. Sensors 2024, 24, 5518.
  159. Thakur, P.; Kansal, V.; Rishiwal, V. Hybrid deep learning approach based on lstm and cnn for malware detection. Wirel. Pers. Commun. 2024, 136, 1879–1901.
  160. Sun, T.; Daoudi, N.; Pian, W.; Kim, K.; Allix, K.; Bissyandé, T.F.; Klein, J. Temporal-Incremental Learning for Android Malware Detection. ACM Trans. Softw. Eng. Methodol. 2024.
Figure 1. Word cloud with IoT solutions.
Figure 2. Total execution times summary for the entire protocol (RAM: 16 GB, CPU cores: 8) based on [15,61,110,112,114,115,117,118,120,121,122,123,124,125,126,128,131,133,134,137].
Figure 3. Accuracy of proposed defense methods (horizontal bars) based on [145,147,148,150,151,152,154].
Table 1. Summary of the latest review connected with defense and security mechanisms in IoT.
| Reference | Contribution | Advantages | Limitations | Year |
|---|---|---|---|---|
| [4] | Review of network security risks in the IoT, their impacts, and risk assessment methods | Comprehensive review of network security risks in IoT, including risk assessment methods | Focused solely on network security; lacks coverage of cryptographic protocols and anomaly detection | 2024 |
| [27] | Survey of authentication and key agreement protocols for IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) | Focused on authentication and key agreement protocols for IoT in 6LoWPAN environments | Limited to 6LoWPAN; does not generalize to broader IoT applications | 2024 |
| [28] | Review of blockchain-assisted authentication and session key generation protocols for the IoT | Review of blockchain-assisted authentication and session key generation protocols environments | Limited analysis of performance metrics and scalability issues in real-world applications | 2024 |
| [29] | Review examines the security properties needed for IoT devices, applications, and services to mitigate vulnerabilities and successful attacks | Holistic review of security properties required for IoT devices and application | Lacks detailed discussion of advanced defense mechanisms like IDSs/IPSs | 2024 |
| [30] | Review of security challenges and potential dangers in IoT applications, focusing on new technologies like machine learning, fog computing, edge computing, and blockchain to enhance trust in IoT applications | Discussion of machine learning and blockchain to enhance IoT application security | Focuses on emerging technologies without evaluating traditional solutions’ effectiveness | 2024 |
| [31] | Review of major IoT applications, privacy, security, and interoperability issues | Addresses major IoT applications, privacy, security, and interoperability issues | Does not provide a detailed framework for integrating these aspects into practical IoT deployments | 2024 |
| [32] | Review of security threats faced by IoT devices and networks, including data breaches, unauthorised access, and denial-of-service attacks | Covers a wide range of IoT security threats, including data breaches and DoS attacks | Does not provide insights into defense mechanisms for anomaly detection | 2024 |
| [33] | Review of cybersecurity strategies, patterns, mechanisms, performance evaluation, validation parameters, and challenges in 5G and beyond-enabled IoT studies using a taxonomy | Survey of cybersecurity strategies and performance evaluation in 5G-enabled IoT systems | Focused primarily on 5G IoT; lacks detailed evaluation of legacy IoT systems | 2024 |
| [34] | Survey focusing on IoT network vulnerabilities and defense mechanisms, including the impact of DDoS, data breaches, and IoT-specific attack scenarios | Comprehensive analysis of IoT network vulnerabilities and defense mechanisms | Limited focus on emerging technologies like blockchain- and AI-based detection | 2023 |
| [35] | Comprehensive analysis of machine learning-based intrusion detection systems for IoT communication security, emphasising classification techniques and evaluation methods | Comprehensive analysis of ML-based intrusion detection for IoT communication security | Limited coverage of cryptographic protocols and key management schemes | 2023 |
| [36] | Detailed review of DDoS attack techniques and mitigation strategies in IoT networks, including detection mechanisms and challenges in dynamic IoT environments | Detailed review of DDoS attack techniques and mitigation strategies in IoT networks | Primarily focuses on DDoS attacks; lacks broader perspective on other attack types | 2020 |
| [37] | Critical review of data security challenges in IoT environments, emphasising data integrity, confidentiality, and defense strategies to mitigate these challenges | Addresses data security challenges in IoT environments with mitigation strategies | Limited focus on protocols for securing communication or anomaly detection | 2024 |
Table 2. Summary of platforms that support IoT environments.
| Platform | Application | Features | Security Enhancement | References |
|---|---|---|---|---|
| AWS IoT Core | Industrial IoT (smart factories), smart home devices, healthcare monitoring | Provides scalable device management, edge computing capabilities, and secure communication | Implementation authentication and key agreement protocols and integration of anomaly detection systems or IDSs to monitor data streams for unusual patterns | [38] |
| Microsoft Azure IoT | Predictive maintenance, healthcare data analysis, retail inventory management | Secure edge computing, device authentication, and robust analytics tools | Using additional cryptographic protocols for data encryption, deploying intrusion detection systems to protect against DDoS and replay attacks | [39,40] |
| Google Cloud IoT | Smart city infrastructure, agriculture (for example, irrigation control), and fleet management | Secure device connection, data processing at the edge, and scalability | Strengthen session key agreement mechanisms to protect against temporary parameter leakage attacks, employing IDSs to detect anomalous traffic indicative of cyber-attacks | [41] |
| IBM Watson IoT | Smart energy grids, logistics optimisation, and industrial automation | AI-driven insights, secure API usage, and robust analytics for IoT data | Deploying key agreement protocols to secure API communication, leveraging IDSs to detect and mitigate insider attacks or malicious API requests | [42] |
| ThingSpeak | Real-time IoT monitoring, academic projects, and prototyping for smart agriculture or home automation | Simple API for data collection and real-time visualisation | Using lightweight IDSs to monitor for impersonation or guessing attacks in low-power environments | [43] |
Table 3. IoT vulnerabilities and attacks.
Table 3. IoT vulnerabilities and attacks.
AttackDescription and SolutionReferences
Replay attack
  • An attacker intercepts communications and re-sends recorded data to deceive the system and gain unauthorised access.
  • Solution: Implementing timestamps and nonce values in communication protocols ensures the uniqueness of each transaction and prevents reuse.
[14,80]
Man in the Middle (MITM) attacksThese are attacks where the attacker positioned between the two users intercepts the communication between them and either eavesdrops on the data in transit or alters it.[14,81]
Impersonation attacksAn attacker can also launch an attack where they claim to be some other user or device to gain access to the system.
  • Solution: Employ strong authentication mechanisms like multifactor authentication and public-key cryptography.
[17,18]
Temporary Parameter Leakage attack
  • Sensitive temporary information, such as session keys, is exposed due to improper management.
  • Solution: Use secure storage methods and regularly refresh session parameters to minimise exposure.
[82]
Physical and Modelling attacks
  • Attempts to physically compromise devices and mathematically model them to compromise security.
  • Solution: Employ tamper-proof hardware and secure boot mechanisms to protect physical devices.
[83]
Guessing attacks
  • An attacker tries guessing information like passwords or identities.
  • Solution: Enforce strong password policies, use complex keys, and implement rate-limiting on login attempts.
[19,84]
Insider attack
  • Attack carried out by people who have authorised access to a system but are using it maliciously.
  • Solution: Implement role-based access control, continuous monitoring, and regular audits of user activities.
[14]
Sensor Node Capture attacks
  • An attacker takes physical control of a sensor node and uses it to manipulate data or gain access to the network.
  • Solution: Employ data encryption and key obfuscation and ensure that captured devices cannot compromise the entire network.
[14,15,16]
Session Key Temporary Information attack
  • An attacker gains access to temporary session key data, allowing the session to be compromised later.
  • Solution: Use secure session key negotiation protocols and ephemeral key generation.
[28]
Denial of Service (DoS) attack
  • An attacker overflows the network or device with traffic, causing it to become inaccessible.
  • Solution: Implement rate-limiting, intrusion prevention systems (IPSs), and a redundant network architecture.
[85,86]
Stolen (smart card, verifier) attack
  • An attacker gains physical possession of a smart card or verifier and uses it maliciously.
  • Solution: Use biometric authentication, encrypt sensitive data on the card, and enable immediate deactivation of stolen cards.
[87]
Side-channel attack
  • An attacker uses side-channel data (for example, power consumption analysis) to guess the device’s operation or cryptographic keys.
  • Solution: Add random delays to operations and design attack-resistant hardware.
[88]
Device hijacking
  • An attacker gains unauthorised access to a device, such as cameras or locks, to gain control or steal data.
  • Solution: Using strong passwords, turning off unused services, and implementing access control lists.
[89]
Zero-day exploitsAn attacker exploits previously unknown vulnerabilities in IoT devices or their software before the manufacturer has time to develop and deploy appropriate patches. This attack can lead to device takeover, data theft, or disruption.
  • Solution: Regularly monitor threats and security updates, use anomaly detection systems (IDSs), segment the network, restrict device access, and implement zero-trust.
[90]
IoT botnets
  • An attacker takes control of weakly secured IoT devices, creating a botnet to launch DDoS attacks.
  • Solution: Update device firmware, use strong passwords, restrict port access, and monitor network traffic.
[91]
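The rate-limiting mitigation listed for the DoS row above, as an added sketch that is not taken from the paper: a per-source token bucket at an IoT gateway, run over constructed traffic. The class names, device IDs, and the rate, burst and table-size values are all assumptions chosen for illustration.

```python
import time

class TokenBucket:
    """Allows `rate` messages per second on average, with bursts up to `burst`."""

    def __init__(self, rate, burst, now):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = now

    def allow(self, now):
        # Refill in proportion to elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

class GatewayLimiter:
    """One bucket per source, so a flooding device cannot starve the others."""

    def __init__(self, rate=5.0, burst=10, max_sources=1024, clock=time.monotonic):
        self.rate, self.burst, self.max_sources, self.clock = rate, burst, max_sources, clock
        self.buckets = {}

    def allow(self, source):
        now = self.clock()
        bucket = self.buckets.get(source)
        if bucket is None:
            # Bound the table: a stream of new source IDs must not exhaust memory.
            if len(self.buckets) >= self.max_sources:
                return False
            bucket = self.buckets[source] = TokenBucket(self.rate, self.burst, now)
        return bucket.allow(now)

def simulate():
    """Constructed traffic: 'cam-7' sends 200 msgs in 1 s, 'lock-2' sends 4."""
    t = [0.0]  # injected clock, so the run is deterministic
    gw = GatewayLimiter(rate=5.0, burst=10, clock=lambda: t[0])
    passed = {"cam-7": 0, "lock-2": 0}
    for i in range(200):
        t[0] = i * 0.005
        passed["cam-7"] += gw.allow("cam-7")
        if i % 50 == 0:
            passed["lock-2"] += gw.allow("lock-2")
    return passed
```

The flooding source is cut to its burst plus the refill rate, while the quiet device is never throttled; the `max_sources` bound is the caveat to watch, since an unbounded per-source table is itself a resource-exhaustion target.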
Table 4. Summary of protocol categories.

| Protocol Category | Papers |
|---|---|
| Authentication protocol | [110,112,114,115,117,118,120,123] |
| Authentication and key agreement protocol | [15,61,121,122,124,125,126,128,131] |
| Key agreement protocol | [133,134,137] |
Table 5. Summary of protocol approaches.

| IoT Solution | References |
|---|---|
| Medicine and healthcare | [61,118,124,125,131,134] |
| Edge or cloud computing | [114,133] |
| Crowdsourcing | [110] |
| Smart homes | [123] |
| Cross-domain | [15,112,115,117,120,121,122,126,128,137] |
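Table 6. Summary of attacks targeting protocols.

| Paper | Replay | MITM | Impersonation | KSK | Key Exposure | Guessing | Stolen | Insider | Capture | SKTI | DoS | Modification | Traceability | Eavesdropping | Others |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| [110] | + | + | + | - | - | - | - | - | - | - | - | - | - | - | - |
| [112] | + | + | - | - | - | - | - | - | - | - | - | - | - | - | + |
| [114] | + | + | + | - | - | + | - | - | - | - | - | - | - | - | + |
| [115] | + | - | - | - | - | - | - | - | - | - | - | - | - | + | + |
| [117] | + | - | + | - | - | + | + | + | + | + | - | - | - | - | + |
| [118] | - | - | + | - | - | + | - | - | - | - | - | - | - | - | - |
| [121] | + | + | - | - | - | - | - | - | - | - | + | - | - | - | + |
| [15] | - | + | + | - | - | - | + | - | + | - | - | - | - | - | + |
| [120] | + | + | + | - | - | - | - | - | - | - | - | - | + | - | + |
| [122] | + | + | + | + | + | - | - | + | + | - | - | - | - | - | + |
| [123] | + | + | + | - | - | - | - | - | - | - | - | + | + | - | - |
| [124] | + | + | + | - | - | - | - | - | + | - | - | - | - | - | - |
| [125] | - | + | - | - | - | + | - | + | - | - | - | - | - | - | + |
| [126] | + | + | + | - | - | - | - | - | + | - | - | - | - | - | + |
| [61] | + | + | + | + | - | - | - | - | - | - | - | - | - | - | - |
| [133] | + | - | + | - | - | - | + | - | - | - | + | - | - | + | - |
| [134] | + | + | + | - | - | - | - | - | + | - | - | - | - | - | - |
| [128] | + | + | + | - | - | + | + | + | - | + | + | - | - | + | + |
| [137] | + | - | + | - | - | - | - | - | - | - | - | - | - | - | - |
| [131] | - | + | + | + | - | - | - | + | - | - | - | - | - | - | + |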
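Table 7. The summary of security features.

| Paper | Integrity | Anonymity | Untraceability | Confidentiality | Authenticity | Secrecy | Mutual Authentication |
|---|---|---|---|---|---|---|---|
| [110] | + | + | + | - | - | - | - |
| [112] | + | - | - | - | - | - | + |
| [114] | + | - | - | + | + | - | - |
| [115] | - | + | - | - | - | + | + |
| [117] | - | - | + | - | - | + | - |
| [118] | - | + | - | - | - | - | - |
| [121] | - | - | - | + | - | + | - |
| [15] | - | - | - | - | - | + | - |
| [120] | - | + | - | - | - | + | - |
| [122] | - | - | - | - | - | - | - |
| [123] | - | + | - | - | - | - | - |
| [124] | - | + | + | - | - | - | - |
| [125] | - | - | - | - | - | + | - |
| [126] | - | + | - | - | - | + | - |
| [61] | - | - | - | - | - | + | - |
| [133] | - | - | - | - | - | - | - |
| [134] | - | + | + | - | - | - | - |
| [128] | - | + | + | + | - | - | - |
| [137] | - | + | - | - | - | + | - |
| [131] | - | + | + | - | - | - | - |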
Table 8. Summary of anomaly and cyber-attack detection methods.
Reference | Method, AI Techniques, Environment with Datasets and Key Results or Findings
[141]
  • IDS, anomaly detection
  • GB, DT
  • IoT; NSL-KDD, BoT-IoT, IoT-23
  • Model performance measures more than 99.9%
[142]
  • DDoS attack detection
  • LSTM, CNN
  • Agriculture 4.0, CIC-DDoS2019
  • Precision 100%
[143]
  • DoS attack detection
  • DT, RF, KNN, SVM
  • IoT, IoTID20
  • Best results for DT and RF
[144]
  • anomaly detection
  • Multi-scale discrete wavelet decomposition and a dual graph attention network
  • IoT
  • The multi-head self-attention mechanism enhances the accuracy of anomaly detection by outputting prediction and reconstruction findings, while simultaneously decreasing the model parameters
[145]
  • Anomaly detection and prediction to mitigate
  • Multiple filter ensemble with a swarm-based wrapper, bagging classifier
  • IoT, NSL-KDD IDS
  • Accuracy 99.8%
[146]
  • blackhole attacks detection, attack and anomaly detection
  • K-RF means algorithm with Flawless Trust formulation
  • MANET-IoT
  • Accuracy 99.8%
[147]
  • anomaly detection
  • Wavelet transform and K-means clustering
  • Intel Berkeley Research Lab dataset
  • Accuracy 97%, fast anomaly detection
[148]
  • Anomaly detection
  • RF, KNN, SVM, and Multi-Layer Perceptron
  • Medical IoT, ICU-IOMT dataset, and the WUSTL EHMS 2020
  • Higher model performance measures compared to separately used SVM, RF, and KNN
[149]
  • anomaly detection
  • Machine learning using unsupervised learning
  • IoT, open-source datasets from Kaggle
  • Broad detection spectrum, large data requirements
[150]
  • Cyber-attack detection
  • Ensemble Bagged Trees detection
  • Industrial IoT
  • Better results than other models, suitable for large scale, optimising features, detecting different types of attacks
[151]
  • Attack detection for Shallow Neural Network
  • IoT, CIC-IDS2017
  • High efficiency, reduction of false negative detections
[152]
  • TF-IDF methodology to convert categorical data into numeric classification, avoiding data reduction and optimising storage
  • Unsupervised learning
  • Evaluated on multiple IoT malware datasets
  • Accuracy rates: 95.22%, 96.23%, 98.77%, and 99.56%, minimized information loss by avoiding feature shedding
[154]
  • FCGs, GNNs, graph pruning for reduced complexity, semantic embedding of APIs using word2vec
  • Used Android malware datasets
  • Focus on semantic attribute extraction from FCGs
  • F1-score: 98% for binary classification; 96% for family classification
  • Enhanced feature representation and model efficiency
[159]
  • Hybrid approach combining CNN, LSTM, and PCA for malware detection
  • Used public malware dataset
  • Improved precision, recall, accuracy, and F1-scores. Substantial reduction in time and resources for manual analysis
[160]
  • CIL, multimodal learning
  • Large-scale Android malware dataset created for TIML, available in open repository
  • Enhanced classification accuracy for emerging threats; demonstrated resource-efficient approaches
Table 9. Comparison of intrusion detection methods on different datasets.

| Algorithm | Accuracy [%] | Precision [%] | Recall [%] | F1-Score [%] | Training Time [s] |
|---|---|---|---|---|---|
| RF | 99.2 | 98.5 | 97.8 | 98.1 | 120 |
| CNN | 97.8 | 96.3 | 95.5 | 95.9 | 320 |
| GNN | 96.5 | 95.0 | 94.2 | 94.6 | 290 |
| Ensemble Learning | 98.9 | 98.7 | 98.3 | 98.5 | 200 |
| LSTM | 95.5 | 94.0 | 93.8 | 93.9 | 400 |
Table 10. Comparison of proposed IoT security solutions.
Solution | Type / Application / Advantages / Limitations
PUF-Based Authentication
  • Authentication Protocol
  • IoT in Healthcare
  • Strong anonymity, resistance to physical attacks
  • High computational requirements for resource-constrained IoT devices
Blockchain-Based Authentication
  • Authentication Protocol
  • IoT in Medical Systems
  • Data immutability, transparency, user identity protection
  • High computational and energy costs, especially in low-power IoT environments
Schnorr Signature Protocol
  • Key Agreement Protocol
  • IoT in Smart Meters
  • User privacy, untraceability, low computational complexity
  • Limited scalability in large IoT networks
Lightweight IDS with Machine Learning
  • Intrusion Detection System
  • Corporate IoT Networks
  • High accuracy in detecting threats, flexibility for new attack types
  • Requires large datasets for training, potential for false positives
TIML
  • Malware Detection System
  • Dynamic IoT Environments
  • Adaptability to changing data, high classification accuracy
  • Challenging implementation in resource-constrained environments, high resource demands for training
ECC-Based Key Agreement Protocol
  • Key Agreement Protocol
  • IoT in Decentralized Edge Computing
  • Efficient session key generation, low power consumption
  • Vulnerable to post-quantum attacks without additional safeguards
Deep Learning-Powered Authentication
  • Authentication and Key Agreement Protocol
  • IoT and LTE Systems
  • Enhanced detection rates, resistance to DoS and MITM attacks
  • Scalability and resource limitations in satellite-based systems
Advanced Hybrid Anomaly Detection
  • Anomaly Detection System
  • MANET-IoT Sensors
  • High accuracy using hybrid optimisation algorithms
  • Requires significant computational power and training complexity
Visual Cryptography-Based Authentication
  • Authentication Protocol
  • IoT Cloud Environments
  • Strong data confidentiality, integrity, and authenticity
  • Requires additional infrastructure for secure ticket generation
Quantum-Secure Key Agreement Protocol
  • Key Agreement Protocol
  • Medical IoT Environments
  • Resistance to quantum attacks, strong anonymity
  • High complexity and implementation cost in current IoT systems
AI-Enhanced IDS with Ensemble Learning
  • Intrusion Detection System
  • IoT in Critical Infrastructures
  • Superior threat detection metrics (for example, F1 score above 99%)
  • High data demands, potential overfitting on limited datasets
Szymoniak, S.; Piątkowski, J.; Kurkowski, M. Defense and Security Mechanisms in the Internet of Things: A Review. Appl. Sci. 2025, 15, 499. https://doi.org/10.3390/app15020499
