Next Article in Journal
Analysis of Optical Errors in Joint Fabry–Pérot Interferometer–Fourier-Transform Imaging Spectroscopy Interferometric Super-Resolution Systems
Previous Article in Journal
Classification of OCT Images of the Human Eye Using Mobile Devices
Previous Article in Special Issue
We Are Not Equipped to Identify the First Signs of Cyber–Physical Attacks: Emotional Reactions to Cybersecurity Breaches on Domestic Internet of Things Devices
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 15
Issue 6
10.3390/app15062935
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Editorial

Internet of Things (IoT) Technologies in Cybersecurity: Challenges and Opportunities

by
Grzegorz Kołaczek
Department of Computer Science and Systems Engineering, Wrocław University of Science and Technology, 50-370 Wrocław, Poland
Appl. Sci. 2025, 15(6), 2935; https://doi.org/10.3390/app15062935
Submission received: 27 February 2025 / Accepted: 6 March 2025 / Published: 8 March 2025
(This article belongs to the Special Issue Internet of Things (IoT) Technologies in Cybersecurity: Challenges and Opportunities)
Versions Notes

1. Introduction

The continuous development and increasing availability of Internet of Things (IoT) solutions have led to an era of connectivity in which everyday objects—from household appliances to industrial machines—are connected via the Internet [1]. The opportunities offered by IoT bring tangible benefits to various sectors of the economy and society, including healthcare, transport, manufacturing, and so-called smart city solutions. However, the widespread use of IoT devices and their integration with the rest of the transmission and data processing infrastructure have also expanded the surface of cyber-attacks and created new cybersecurity challenges that require detailed research and new solutions [2]. IoT devices are characterised mainly by limited computing power, memory and energy resources. These limitations make implementing traditional resource-intensive security protocols, such as encryption or complex intrusion detection systems, difficult [3]. Additionally, the heterogeneous nature of IoT environments—with devices varying widely in capabilities, operating systems, and communication protocols—makes it challenging to manage security and establish consistent protection methods effectively. As a result, diversity increases the risk of security breaches and challenges in developing and implementing scalable, universal cybersecurity solutions [4]. Another characteristic of IoT systems is their decentralisation. Decentralisation is also a significant barrier to effective real-time monitoring, detection, and threat response. It may necessitate the development of new, tiered solutions that consider both the diverse hardware and software characteristics and the distributed nature of the environment [5].
The security problems of IoT devices are also a source of inspiration related to the search for new solutions in the field of cybersecurity. The following are among the most important directions of research directly related to the development of IoT:
Improving encryption efficiency: Since most IoT devices have significantly limited resources, searching for simpler encryption methods is necessary. Such “lightweight” algorithms aim to ensure strong security for the data processed by IoT devices without negatively impacting the device’s available resources [6].
Smart threat detection using artificial intelligence methods: Despite limited resources, the large number of IoT devices and the significant amount of information generated almost continuously by these devices indicate that these data can be an excellent source for automatic analysis using machine learning methods. In particular, methods that allow for detecting unusual patterns that may signal cyber-attacks are increasingly applied in the context of cybersecurity. Machine learning has the potential to enable faster threat detection and automated security responses [7].
Blockchain and decentralised security architectures: Blockchain technology enables the establishment of decentralised trust frameworks in IoT solutions. Utilising such solutions provides the opportunity to enhance security in terms of data integrity and the secure authentication of devices in a decentralised manner without the need to rely on a single, common central source of trust. Blockchain also offers a potential solution to other issues related to cybersecurity and privacy that are inherently associated with IoT networks [8].
Among the other crucial cybersecurity research problems particularly relevant to IoT solutions is the issue of security management with the need to optimise resource utilisation. This translates into the development of optimisation techniques aimed at making it possible to define and implement security protocols so that they are both light enough for IoT devices with limited resources and resistant to sophisticated cyber-attacks [9].
Another research issue concerns standardising and enabling interoperability in the highly heterogeneous hardware and software environments of IoT systems. The challenge is to develop universal security standards that can be adapted to various IoT hardware and software environments [10].
Equally important is how new technologies, such as blockchain and artificial intelligence, can be effectively integrated into IoT security architectures to enhance overall resilience. The proper integration of such solutions is, on the one hand, a natural process driven by the availability and increasing quality of artificial intelligence or blockchain methods. Nevertheless, in the IoT context, it poses a further challenge related to the limitations of the resources that can be used, which is at odds with the standard requirements accompanying this type of solution [11].
In addition to the relatively new research areas pertaining to the security analysis of IoT systems, typical cybersecurity issues such as real-time threat detection and data privacy and integrity remain important issues that require further development [12].
In the case of incident detection, there are technological and developmental issues regarding enabling real-time monitoring and rapid response to cyber threats in decentralised IoT networks while not exceeding computational and energy capacity. Developing methods using edge computing and distributed security architectures is an important research direction in this context [13].
Moreover, in an environment characterised by intensive data collection and sharing and, at the same time, with limited computing resources, the available and widely used methods for encryption, authentication, and integrity checks are not always adequate. In particular, this problem is relevant because IoT devices often have access to sensitive and confidential data [14].

2. An Overview of Published Articles

A critical challenge in IoT networks is the secure distribution of group keys among diverse devices with limited computing resources. Thus, researchers of a previous study developed a centralised management framework built on software-defined networking (SDN) and incorporated a modified one-way function tree (MOFT) protocol to address this. The presented approach protects against collusion attacks and achieves significant efficiency gains, reducing communication overhead by 39% compared to conventional OFT methods. The researchers validated their solution through formal security analysis, demonstrating effective collusion resistance while maintaining optimal computational efficiency [15].
To enhance the security of vehicle-to-infrastructure (V2I) communication, a new authentication method for the Internet of Vehicles has been developed. This method utilizes public key cryptography but improves efficiency by integrating Elliptic Curve Cryptography (ECC), fuzzy extractors, and Physical Unclonable Functions (PUFs), thus avoiding computationally intensive bilinear pairings. The protocol is engineered to withstand side-channel attacks and capture attempts made by the Road Side Unit (RSU). Furthermore, incorporating Diffie–Hellman values achieves perfect forward secrecy. The result is a demonstrably secure protocol, proven under the random oracle model, that offers reduced computational demands and communication overhead compared to similar authentication schemes [16].
The critical need for secure and efficient authentication protocols in underwater acoustic networks (UANs) has been addressed through novel research. UANs, which are deployed for marine resource management, have been identified as vulnerable to attacks due to energy limitations and susceptibility to capture. A lightweight authentication protocol for UANs was proposed with the objective of resisting sensor and gateway capture during attacks. Enhanced security and efficiency, compared to existing schemes, were achieved through a protocol that was developed based on Physical Unclonable Functions (PUFs) and chaotic maps. The security of the proposed protocol was formally proven in the random oracle model, and its performance was demonstrated to be suitable for the resource-constrained nature of UANs. The implications for broader IoT security have been highlighted, as the challenges faced in underwater sensor networks mirror those encountered in many resource-limited IoT devices deployed in hostile environments. The presented approach to authentication in constrained environments can be considered valuable for informing security designs across various IoT applications where devices are subjected to similar constraints and threats [17].
To address the growing security challenges in Internet of Things (IoT) networks, particularly the need for effective intrusion detection, the new Collaborative Intrusion Detection System (CIDS) has been introduced. The proposed CIDS is designed for IoT’s hierarchical structure, utilising an edge–fog–cloud architecture combined with Federated Learning (FL). The research demonstrates significant advantages by training the system in a distributed manner using Federated Learning on a portion of the CICIoT2023 dataset (specifically, a labelled non-independent and identically distributed (non-IID) subset). The CIDS achieves reduced latency and lower resource usage while preserving the accuracy of intrusion detection. The study also provides a performance benchmark, showcasing that this approach leads to better results, such as shorter training times and decreased network traffic, compared with traditional, centralised learning-based intrusion detection models [18].
Due to the widespread use of IoT devices in daily and professional lives, the necessity of ensuring their security is emphasised. An automated system has been created to build a detailed database called VARIoT to address the need for better vulnerability information for IoT devices. This system uses natural language processing, machine learning, and specialised filters to automatically gather vulnerability descriptions and link them to exploit code from various unstructured sources. The system effectively categorizes vulnerabilities and assigns confidence scores, enabling users to pinpoint critical security flaws, even when product details are unclear or lacking [19].
Another application context of IoT systems is the Web of Things (WoT). A detailed analysis has been conducted to examine WoT’s security thoroughly. This analysis involved creating threat models, identifying various types of attacks—from denial-of-service and man-in-the-middle attacks to injection and physical attacks—and suggesting defensive strategies. These defences include robust authentication, data encryption, and isolation methods. System architecture and potential attack situations are visualised using UML and sequence diagrams. The result of this work is a proposed security architecture that can serve as a reference for WoT environments [20].
Another problem explored in the context of IoT is how people emotionally react to cybersecurity breaches affecting different smart home devices. Through an online study and a real-world field experiment, the researchers used a specific questionnaire to measure the strength of emotions, how people were inclined to act, and the type of reactions (cognitive/motivational vs. purely emotional). The paper’s key findings show that when breached, smart cameras cause the most potent emotional responses. Furthermore, the study suggests that being aware of security breaches influences the intensity of emotional reactions [21].

3. Conclusions

Developing new services within the Internet of Things heavily relies on addressing security challenges and discovering novel solutions across diverse applications. The presented research studies embarked on key issues by exploring resource limitations and decentralised systems, and proposing a software-defined network approach for efficient group key management. Improved authentication methods for vehicle-to-infrastructure communication are also introduced, utilising efficient cryptography and physically unclonable functions. Moreover, proactive security is advanced through a collaborative intrusion detection system based on Federated Learning alongside an automated vulnerability database for enhanced threat detection. Finally, the human aspect of IoT security is considered by investigating user emotional reactions to security incidents, emphasising the broader implications of cybersecurity in connected environments.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Atzori, L.; Iera, A.; Morabito, G. The Internet of Things: A Survey. Comput. Netw. 2010, 54, 2787–2805. [Google Scholar] [CrossRef]
  2. Weber, R.H. Internet of Things—New Security and Privacy Challenges. Comput. Law Secur. Rev. 2010, 26, 23–30. [Google Scholar] [CrossRef]
  3. Khanam, S.; Shapla, S.; Ali, M.S.; Hossain, M.S.; Ahamad, M.S.; Rahman, M.M. A survey of security challenges, attacks taxonomy and advanced countermeasures in the internet of things. IEEE Access 2020, 8, 219709–219743. [Google Scholar] [CrossRef]
  4. Baker, S.A.; Nori, A.S. Internet of Things Security: A Survey. In Advances in Cyber Security, Proceedings of the Second International Conference, ACeS 2020, Penang, Malaysia, 8–9 December 2020; Revised Selected Papers 2; Springer: Singapore, 2021; pp. 95–117. [Google Scholar]
  5. Campos, E.M.; Saura, P.F.; González-Vidal, A.; Hernández-Ramos, J.L.; Bernabé, J.B.; Baldini, G.; Skarmeta, A. Evaluating Federated Learning for Intrusion Detection in Internet of Things: Review and Challenges. Comput. Netw. 2022, 203, 108661. [Google Scholar] [CrossRef]
  6. Katagi, M.; Moriai, S. Lightweight Cryptography for the Internet of Things; Sony Corporation: Tokyo, Japan, 2008; pp. 7–10. [Google Scholar]
  7. Summerville, D.H.; Zach, K.M.; Chen, Y. Ultra-Lightweight Deep Packet Anomaly Detection for Internet of Things Devices. In Proceedings of the 2015 IEEE 34th International Performance Computing and Communications Conference (IPCCC), Nanjing, China, 14–16 December 2015; pp. 1–8. [Google Scholar]
  8. Qian, Y.; Jiang, Y.; Chen, J.; Zhang, Y.; Song, J.; Zhou, M.; Pustišek, M. Towards Decentralized IoT Security Enhancement: A Blockchain Approach. Comput. Electr. Eng. 2018, 72, 266–273. [Google Scholar] [CrossRef]
  9. Hellaoui, H.; Koudil, M.; Bouabdallah, A. Energy-Efficient Mechanisms in Security of the Internet of Things: A Survey. Comput. Netw. 2017, 127, 173–189. [Google Scholar] [CrossRef]
  10. Ishaq, I.; Carels, D.; Teklemariam, G.K.; Hoebeke, J.; Van den Abeele, F.; De Poorter, E.; Demeester, P. IETF Standardization in the Field of the Internet of Things (IoT): A Survey. J. Sens. Actuator Netw. 2013, 2, 235–287. [Google Scholar] [CrossRef]
  11. Bothra, P.; Karmakar, R.; Bhattacharya, S.; De, S. How Can Applications of Blockchain and Artificial Intelligence Improve Performance of Internet of Things?––A Survey. Comput. Netw. 2023, 224, 109634. [Google Scholar] [CrossRef]
  12. Yang, Y.; Wu, L.; Yin, G.; Li, L.; Zhao, H. A Survey on Security and Privacy Issues in Internet-of-Things. IEEE Internet Things J. 2017, 4, 1250–1258. [Google Scholar] [CrossRef]
  13. Elmassik, Z. Edge Computing in the Internet of Things: A Survey. Authorea Prepr. 2023. [Google Scholar] [CrossRef]
  14. Obaidat, M.A.; Obeidat, S.; Holst, J.; Al Hayajneh, A.; Brown, J. A Comprehensive and Systematic Survey on the Internet of Things: Security and Privacy Challenges, Security Frameworks, Enabling Technologies, Threats, Vulnerabilities and Countermeasures. Computers 2020, 9, 44. [Google Scholar] [CrossRef]
  15. Taurshia, A.; Kathrine, J.W.; Andrew, J.; Eunice R, J. Securing Internet of Things Applications Using Software-Defined Network-Aided Group Key Management with a Modified One-Way Function Tree. Appl. Sci. 2024, 14, 2405. [Google Scholar] [CrossRef]
  16. Xie, Q.; Huang, J. Improvement of a Conditional Privacy-Preserving and Desynchronization-Resistant Authentication Protocol for IoV. Appl. Sci. 2024, 14, 2451. [Google Scholar] [CrossRef]
  17. Xie, Q.; Yao, Y. PUF and Chaotic Map-Based Authentication Protocol for Underwater Acoustic Networks. Appl. Sci. 2024, 14, 5400. [Google Scholar] [CrossRef]
  18. Wardana, A.A.; Kołaczek, G.; Sukarno, P. Lightweight, Trust-Managing, and Privacy-Preserving Collaborative Intrusion Detection for Internet of Things. Appl. Sci. 2024, 14, 4109. [Google Scholar] [CrossRef]
  19. Felkner, A.; Adamski, J.; Koman, J.; Rytel, M.; Janiszewski, M.; Lewandowski, P.; Pachnia, R.; Nowakowski, W. Vulnerability and Attack Repository for IoT: Addressing Challenges and Opportunities in Internet of Things Vulnerability Databases. Appl. Sci. 2024, 14, 10513. [Google Scholar] [CrossRef]
  20. Albarrak, K.M. Securing the Future of Web-Enabled IoT: A Critical Analysis of Web of Things Security. Appl. Sci. 2024, 14, 10867. [Google Scholar] [CrossRef]
  21. Budimir, S.; Fontaine, J.R.J.; Huijts, N.M.A.; Haans, A.; IJsselsteijn, W.A.; Oostveen, A.-M.; Stahl, F.; Heartfield, R.; Loukas, G.; Bezemskij, A.; et al. We Are Not Equipped to Identify the First Signs of Cyber–Physical Attacks: Emotional Reactions to Cybersecurity Breaches on Domestic Internet of Things Devices. Appl. Sci. 2024, 14, 11855. [Google Scholar] [CrossRef]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Kołaczek, G. Internet of Things (IoT) Technologies in Cybersecurity: Challenges and Opportunities. Appl. Sci. 2025, 15, 2935. https://doi.org/10.3390/app15062935

AMA Style

Kołaczek G. Internet of Things (IoT) Technologies in Cybersecurity: Challenges and Opportunities. Applied Sciences. 2025; 15(6):2935. https://doi.org/10.3390/app15062935

Chicago/Turabian Style

Kołaczek, Grzegorz. 2025. "Internet of Things (IoT) Technologies in Cybersecurity: Challenges and Opportunities" Applied Sciences 15, no. 6: 2935. https://doi.org/10.3390/app15062935

APA Style

Kołaczek, G. (2025). Internet of Things (IoT) Technologies in Cybersecurity: Challenges and Opportunities. Applied Sciences, 15(6), 2935. https://doi.org/10.3390/app15062935

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop