Article

Security requirements and technologies for the internet of things (IOT) applications: A systematic literature review


Abstract

Security requirements are among the most important intangible requirements, and they could be taken as a burden on the smooth functioning of the system or application. Requirements engineers without expertise in security are at risk of overlooking security requirements, which frequently leads to the act of misuse. This study plans to identify the security requirements and technologies being used in IoT applications. We conducted a systematic literature review in order to identify and analyse related literature on elicitation of security requirements for IoT applications. We found that the most used technologies for IoT applications are sensors, mobility networks, RFID systems, WiFi, Bluetooth and Zigbee, and that the security requirements relevant for IoT applications are authentication, confidentiality, integrity, authorization, access control and availability. Finally, the characteristics and properties of the security requirements and technologies were also discussed. It can be concluded that the primary challenge of security requirements is to identify the most appropriate security requirements. Furthermore, requirements engineers should consider the challenges posed by security requirements, such as analysing and developing security requirements for IoT applications. In addition, the right security requirements for IoT applications should be recognized at the early phase of IoT application development.


... Therefore, when designing the size of the management table and other system capacity-related settings, it is necessary to consider the expected increase in the number of connected devices. In the development of IoT applications such as logistics and lifetime management, agriculture and breeding, smart mobility and smart tourism, smart grid, smart building and many others [3] [4], security requirements are very important. This is because, in today's world of daily virus alerts, malicious crackers and various other threats of cyber terrorism, it is very difficult to make application development successful. ...
... Thus, the requirement engineer ends up specifying architectural and behavioral constraints rather than actual security requirements. To elicit these security requirements the engineer must have a clear understanding of various types of security requirements such as, authentication, confidentiality, integrity, authorization, access control, and availability [3] etc. Likewise, we feel that there must be a well-defined process for eliciting security requirements so that there is no other constraint for the design and implementation team of the application. ...
... Adding intelligence capabilities to various IoT industries could provide increased life quality for the sick and elderly, for example. Much of the attention in research has revolved around wireless technologies that are supportive of remote data control, sensing, and transfer, such as mobile networks, RFID, Wi-Fi, and Bluetooth [3], which have been used to embed intelligence into the environment. Our previous study [21] has demonstrated the use of an IoT security library to elicit security requirements based on a Smart Parking System scenario. ...
Article
Full-text available
Requirement elicitation is important to ensure that correct requirements are elicited for application development. A wrong elicitation decision leads to software failure. The most common challenging task is to ensure that consistent requirements are elicited between engineers and the users. Most requirements engineers face difficulties in achieving consistency with clients, especially in eliciting IoT security requirements, as this involves many components such as devices, domains and security attributes. In addition to this, the engineers also need to have security knowledge and understand the background and standards related to security for the business requirements. These constraints result in eliciting poor-quality security requirements, which leads to insecure application development. In this paper, we propose our elicitation approach for security requirements by using Essential Use Cases (EUCs) and describe an example usage of eliciting security requirements for Internet of Things (IoT) applications by using an Essential Use Case (EUC). It is found that EUCs enhance the process of eliciting security requirements to produce accurate and complete security requirements for IoT applications.
... The reliability achieved has allowed researchers to enlarge the view of the big picture of the Internet of Things (IoT) (Da Xu et al., 2014; Shammar & Zahary, 2019) and other related technologies, such as Wireless Sensor Networks (Landaluce et al., 2020) and Blockchain (Ahamed et al., 2020; Sidorov et al., 2019; van Hoek, 2019). Surely increasing stress on security has to be applied for suitable trustworthiness of systems (Alotaibi, 2019; Ibrahim & Kamalrudin, 2018; Niraja & Rao, 2020 ...
... The reliability achieved has allowed researchers to enlarge the view to the big picture of the Internet of Things (IoT) (Da Xu et al., 2014; Shammar & Zahary, 2019) and other related technologies, such as Wireless Sensor Networks (Landaluce et al., 2020) and Blockchain (Ahamed et al., 2020; Sidorov et al., 2019; van Hoek, 2019). Surely an increasing stress on security has to be applied for suitable trustworthiness of systems (Alotaibi, 2019; Ibrahim & Kamalrudin, 2018; Niraja & Rao, 2020). ...
Chapter
Full-text available
The digitalisation or virtualisation of lab equipment in higher education promises numerous benefits for all those involved. Economic benefits from sharing lab infrastructures, convenient remote access to labs anytime and anywhere, as well as the sharing and linking of lab-based lectures are just some of the advantages that come to mind when thinking of online lab infrastructures. However, the technical, didactical and organisational effort required to digitalise labs should not be underestimated. The different chapters of this book provide insights into these different aspects from the perspectives of both researchers and lecturers. With contributions by Hadi Adineh, Tobias Ableitner, Majsa Ammouriova, Jannicke Baalsrud Hauge, Massimo Bertolini, Martin Burghardt, Michael Canz, Juliana Castaneda, Jens Doveren, Matthias Ehlenz, Thomas Eppler, Giovanni Esposito, Peter Ferdinand, Matas Führer, Jens Glembin, Myriam Guedey, Felix Gers, Yasmin Hayat, Roland Heinrich, Karsten Henke, Clara Henkel, Birte Heinemann, Nils Höhner, Andrej Itrich, Marc Philipp Jensen, Valentin Kammerlohr, Rushed Kanawati, Abdelmajid Khelil, Michael Klein, Sebastian Koch, Johannes Kretzschmar, Jean-Vincent Loddo, Davide Mezzogori, Johannes Nau, Mattia Neroni, David Paradice, Angel A. Juan Perez, Anke Pfeiffer, Tobias Christian Piller, Paul Press, Steffen Prowe, Giovanni Romagnoli, Benedikt Reuter, Davide Reverberi, Peter Rödler, David Romero, David Schepkowski, Ulrik Schroeder, Jan Seedorf, Detlef Streitferdt, Peter Treffinger, Dieter Uckelmann and Gottfried Zimmermann.
... Massis (2016) explored the potential impact of the IoT on the library from the security and privacy points of view and proposed the "security of things" and security management approaches. Ibrahim and Kamalrudin (2018) analyzed the security requirement for IoT application in libraries and proposed a method to identify security concern with IoT application. Renold and Rani (2013) designed a system with RFID technology for the use of library management such as stock management, tracing misplaced and misshelved books, and promoting easy access to library materials. ...
Article
Full-text available
In an increasingly globalized and knowledge-based economy, this study aimed to investigate the adoption of modern technologies for effective knowledge sharing and enhancing knowledge access in academic libraries. The study was underpinned by the organizational knowledge creation theory (OKCT) and knowledge sharing model. The findings reveal that although modern technologies, such as the internet of things (IoT) and blockchain technologies, have been seen as suitable knowledge sharing strategies by many institutions, the level of their adoption is still low in academic libraries in South Africa, especially in the area of knowledge management. Several recommendations are thus made, and among others are the improvement of technology infrastructure and the enactment of policies for promoting knowledge management and sharing.
... Numerous authors have delved into the security considerations of different IoT frameworks [43], [44], as well as relevant security issues pertaining to IoT architectures [45], [46] and communication protocols [47]. Additionally, studies have emphasized the significance of accurately defining security requirements for IoT applications [48]. ...
Article
In the present day's rapidly growing healthcare sector, securing the security of sensitive information has become a major responsibility for both healthcare organizations and individuals alike. As the industry continues to adopt innovative medical equipment and healthcare apps to enhance patient care, it also becomes a prime target for malicious hackers. One of the most concerning threats is the stealthy attacks on healthcare data. Once hackers gain access to a network, they may deploy malicious programs or ransomware, effectively locking down critical services or encrypting files until a ransom is paid. While ransomware attacks are prevalent, the risks extend further to encompass network-connected devices. In some instances that use IoT (Internet of Things), these devices can be hijacked and manipulated to distribute incorrect medications or tamper with critical machine functionalities. To safeguard valuable patient data and maintain the integrity of healthcare services, there is an urgent need to implement robust cybersecurity measures in the industry. In the vast realm of modern healthcare, data about individual patients is collected from a myriad of sources, such as hospital and laboratory records, insurance records, fitness apps, trackers and gadgets, health portals, and more. Safeguarding this valuable patient information is of utmost importance, and cybersecurity technology emerges as a potent solution. Throughout our study, we uncover the diverse applications of cybersecurity in the healthcare domain, identifying key areas where its implementation proves crucial. From data protection to safeguarding sensitive medical records, cybersecurity plays a vital role in fortifying the healthcare landscape against potential threats.
... In particular, several authors cover the security aspects of various IoT frameworks [24], [25] and relevant security issues of IoT architectures [4], [26], [27] and communication protocols [28]. Some studies have also highlighted the importance of properly defining security requirements for IoT applications [29], [30]. ...
Article
Full-text available
The Internet of Medical Things (IoMT) has revolutionized health care services by providing significant benefits in terms of patient well being and relevant costs. Traditional risk assessment methodologies, however, cannot be effectively applied in the IoMT context since IoMT devices form part of a distributed and trustless environment and naturally support functionalities that favor reliability and usability instead of security. In this work we present a survey of risk assessment and mitigation methodologies for IoMT. For conducting the survey, we assess two streams of literature. First, we systematically review and classify the current scientific research in IoMT risk assessment methodologies. Second, we review existing standards/best practices for IoMT security assessment and mitigation in order to i) provide a comparative assessment of these standards/best practices on the basis of predefined criteria (scope and/or coverage, maturity level, and relevant risk methodology applied) and ii) identify common themes for IoMT security controls. Based on the analysis, we provide various IoMT research and implementation gaps along with a road map of fruitful areas for future research. The paper could be of significant value to security assessment researchers and policymakers/stakeholders in the health care industry.
... Massis (2016) explored the potential impact of IoT on the library from the security and privacy points of view and proposed the Security of Things and security management approaches. Ibrahim and Kamalrudin (2018) analysed the security requirement for IoT application in libraries and proposed a method to identify the security concern with IoT application. Renold and Rani (2013) designed a system with RFID technology for the use of library management such as stock management, tracing misplaced and mis-shelved books, and promoting easy access to library materials. ...
Article
Many organisations, including libraries and information centres are struggling to manage their records. Effective management of records ensures the public library’s ability to function effectively and provides documentary evidence of scholars and citizens. Recently, modern technologies such as blockchain, cloud computing and Internet of Things (IoT) have increasingly been adopted by various organisations to manage records while other organisations are slow to adopt them. Public libraries are positioning themselves to take this advantage by implementing innovative technologies to manage their records. This study utilised literature review to investigate the application of modern technologies in managing records in public libraries with the view to highlight how these technologies can revolutionise library practices. The study established that although public libraries acknowledge the importance of modern technologies such as blockchain, cloud computing and Internet of Things in managing their records, these technologies are being slowly adopted due to lack of information technology infrastructure, technical support, and knowledge and skills. Therefore, all these challenges made it difficult for librarians and information professionals to maximise the benefits of these technologies and they struggle to see how these technologies can be incorporated into their institutions. Public libraries thus need to better understand best practices for records management, which may go a long way in influencing library policy to support records-management processes. The study recommends that public libraries consider exploring collaborating with other sectors such as archival services to implement modern technologies for the purpose of managing records.
Article
Full-text available
Smart electronic devices and gadgets and their applications are becoming more and more popular. Most of those devices and their applications handle personal, financial, medical and other sensitive data that require security and privacy protection. In this paper we describe one aspect of such protection – a user authentication protocol based on the use of X.509 certificates. The system uses Public Key Infrastructure (PKI), a challenge/response protocol, mobile proxy servers, and Java cards with crypto capabilities used as a Secure Element. The innovative design of the protocol, its implementation, and evaluation results are described. In addition to end-user authentication, the described solution also supports the use of X.509 certificates for additional security services – confidentiality, integrity, and non-repudiation of transactions and data in an open network environment. The system uses Application Programming Interfaces (APIs) to access Java card functions and credentials that can be used as add-ons to enhance any mobile application with security features and services.